Statistics
| Branch: | Revision:

root / aes.c @ 5fafdf24

History | View | Annotate | Download (59.8 kB)

1
/**
2
 *
3
 * aes.c - integrated in QEMU by Fabrice Bellard from the OpenSSL project.
4
 */
5
/*
6
 * rijndael-alg-fst.c
7
 *
8
 * @version 3.0 (December 2000)
9
 *
10
 * Optimised ANSI C code for the Rijndael cipher (now AES)
11
 *
12
 * @author Vincent Rijmen <vincent.rijmen@esat.kuleuven.ac.be>
13
 * @author Antoon Bosselaers <antoon.bosselaers@esat.kuleuven.ac.be>
14
 * @author Paulo Barreto <paulo.barreto@terra.com.br>
15
 *
16
 * This code is hereby placed in the public domain.
17
 *
18
 * THIS SOFTWARE IS PROVIDED BY THE AUTHORS ''AS IS'' AND ANY EXPRESS
19
 * OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE IMPLIED
20
 * WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE
21
 * ARE DISCLAIMED.  IN NO EVENT SHALL THE AUTHORS OR CONTRIBUTORS BE
22
 * LIABLE FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR
23
 * CONSEQUENTIAL DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF
24
 * SUBSTITUTE GOODS OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR
25
 * BUSINESS INTERRUPTION) HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY,
26
 * WHETHER IN CONTRACT, STRICT LIABILITY, OR TORT (INCLUDING NEGLIGENCE
27
 * OR OTHERWISE) ARISING IN ANY WAY OUT OF THE USE OF THIS SOFTWARE,
28
 * EVEN IF ADVISED OF THE POSSIBILITY OF SUCH DAMAGE.
29
 */
30
#include "vl.h"
31
#include "aes.h"
32

    
33
#define NDEBUG
34
#include <assert.h>
35

    
36
typedef uint32_t u32;
37
typedef uint16_t u16;
38
typedef uint8_t u8;
39

    
40
#define MAXKC   (256/32)
41
#define MAXKB   (256/8)
42
#define MAXNR   14
43

    
44
/* This controls loop-unrolling in aes_core.c */
45
#undef FULL_UNROLL
46
# define GETU32(pt) (((u32)(pt)[0] << 24) ^ ((u32)(pt)[1] << 16) ^ ((u32)(pt)[2] <<  8) ^ ((u32)(pt)[3]))
47
# define PUTU32(ct, st) { (ct)[0] = (u8)((st) >> 24); (ct)[1] = (u8)((st) >> 16); (ct)[2] = (u8)((st) >>  8); (ct)[3] = (u8)(st); }
48

    
49
/*
50
Te0[x] = S [x].[02, 01, 01, 03];
51
Te1[x] = S [x].[03, 02, 01, 01];
52
Te2[x] = S [x].[01, 03, 02, 01];
53
Te3[x] = S [x].[01, 01, 03, 02];
54
Te4[x] = S [x].[01, 01, 01, 01];
55

56
Td0[x] = Si[x].[0e, 09, 0d, 0b];
57
Td1[x] = Si[x].[0b, 0e, 09, 0d];
58
Td2[x] = Si[x].[0d, 0b, 0e, 09];
59
Td3[x] = Si[x].[09, 0d, 0b, 0e];
60
Td4[x] = Si[x].[01, 01, 01, 01];
61
*/
62

    
63
static const u32 Te0[256] = {
64
    0xc66363a5U, 0xf87c7c84U, 0xee777799U, 0xf67b7b8dU,
65
    0xfff2f20dU, 0xd66b6bbdU, 0xde6f6fb1U, 0x91c5c554U,
66
    0x60303050U, 0x02010103U, 0xce6767a9U, 0x562b2b7dU,
67
    0xe7fefe19U, 0xb5d7d762U, 0x4dababe6U, 0xec76769aU,
68
    0x8fcaca45U, 0x1f82829dU, 0x89c9c940U, 0xfa7d7d87U,
69
    0xeffafa15U, 0xb25959ebU, 0x8e4747c9U, 0xfbf0f00bU,
70
    0x41adadecU, 0xb3d4d467U, 0x5fa2a2fdU, 0x45afafeaU,
71
    0x239c9cbfU, 0x53a4a4f7U, 0xe4727296U, 0x9bc0c05bU,
72
    0x75b7b7c2U, 0xe1fdfd1cU, 0x3d9393aeU, 0x4c26266aU,
73
    0x6c36365aU, 0x7e3f3f41U, 0xf5f7f702U, 0x83cccc4fU,
74
    0x6834345cU, 0x51a5a5f4U, 0xd1e5e534U, 0xf9f1f108U,
75
    0xe2717193U, 0xabd8d873U, 0x62313153U, 0x2a15153fU,
76
    0x0804040cU, 0x95c7c752U, 0x46232365U, 0x9dc3c35eU,
77
    0x30181828U, 0x379696a1U, 0x0a05050fU, 0x2f9a9ab5U,
78
    0x0e070709U, 0x24121236U, 0x1b80809bU, 0xdfe2e23dU,
79
    0xcdebeb26U, 0x4e272769U, 0x7fb2b2cdU, 0xea75759fU,
80
    0x1209091bU, 0x1d83839eU, 0x582c2c74U, 0x341a1a2eU,
81
    0x361b1b2dU, 0xdc6e6eb2U, 0xb45a5aeeU, 0x5ba0a0fbU,
82
    0xa45252f6U, 0x763b3b4dU, 0xb7d6d661U, 0x7db3b3ceU,
83
    0x5229297bU, 0xdde3e33eU, 0x5e2f2f71U, 0x13848497U,
84
    0xa65353f5U, 0xb9d1d168U, 0x00000000U, 0xc1eded2cU,
85
    0x40202060U, 0xe3fcfc1fU, 0x79b1b1c8U, 0xb65b5bedU,
86
    0xd46a6abeU, 0x8dcbcb46U, 0x67bebed9U, 0x7239394bU,
87
    0x944a4adeU, 0x984c4cd4U, 0xb05858e8U, 0x85cfcf4aU,
88
    0xbbd0d06bU, 0xc5efef2aU, 0x4faaaae5U, 0xedfbfb16U,
89
    0x864343c5U, 0x9a4d4dd7U, 0x66333355U, 0x11858594U,
90
    0x8a4545cfU, 0xe9f9f910U, 0x04020206U, 0xfe7f7f81U,
91
    0xa05050f0U, 0x783c3c44U, 0x259f9fbaU, 0x4ba8a8e3U,
92
    0xa25151f3U, 0x5da3a3feU, 0x804040c0U, 0x058f8f8aU,
93
    0x3f9292adU, 0x219d9dbcU, 0x70383848U, 0xf1f5f504U,
94
    0x63bcbcdfU, 0x77b6b6c1U, 0xafdada75U, 0x42212163U,
95
    0x20101030U, 0xe5ffff1aU, 0xfdf3f30eU, 0xbfd2d26dU,
96
    0x81cdcd4cU, 0x180c0c14U, 0x26131335U, 0xc3ecec2fU,
97
    0xbe5f5fe1U, 0x359797a2U, 0x884444ccU, 0x2e171739U,
98
    0x93c4c457U, 0x55a7a7f2U, 0xfc7e7e82U, 0x7a3d3d47U,
99
    0xc86464acU, 0xba5d5de7U, 0x3219192bU, 0xe6737395U,
100
    0xc06060a0U, 0x19818198U, 0x9e4f4fd1U, 0xa3dcdc7fU,
101
    0x44222266U, 0x542a2a7eU, 0x3b9090abU, 0x0b888883U,
102
    0x8c4646caU, 0xc7eeee29U, 0x6bb8b8d3U, 0x2814143cU,
103
    0xa7dede79U, 0xbc5e5ee2U, 0x160b0b1dU, 0xaddbdb76U,
104
    0xdbe0e03bU, 0x64323256U, 0x743a3a4eU, 0x140a0a1eU,
105
    0x924949dbU, 0x0c06060aU, 0x4824246cU, 0xb85c5ce4U,
106
    0x9fc2c25dU, 0xbdd3d36eU, 0x43acacefU, 0xc46262a6U,
107
    0x399191a8U, 0x319595a4U, 0xd3e4e437U, 0xf279798bU,
108
    0xd5e7e732U, 0x8bc8c843U, 0x6e373759U, 0xda6d6db7U,
109
    0x018d8d8cU, 0xb1d5d564U, 0x9c4e4ed2U, 0x49a9a9e0U,
110
    0xd86c6cb4U, 0xac5656faU, 0xf3f4f407U, 0xcfeaea25U,
111
    0xca6565afU, 0xf47a7a8eU, 0x47aeaee9U, 0x10080818U,
112
    0x6fbabad5U, 0xf0787888U, 0x4a25256fU, 0x5c2e2e72U,
113
    0x381c1c24U, 0x57a6a6f1U, 0x73b4b4c7U, 0x97c6c651U,
114
    0xcbe8e823U, 0xa1dddd7cU, 0xe874749cU, 0x3e1f1f21U,
115
    0x964b4bddU, 0x61bdbddcU, 0x0d8b8b86U, 0x0f8a8a85U,
116
    0xe0707090U, 0x7c3e3e42U, 0x71b5b5c4U, 0xcc6666aaU,
117
    0x904848d8U, 0x06030305U, 0xf7f6f601U, 0x1c0e0e12U,
118
    0xc26161a3U, 0x6a35355fU, 0xae5757f9U, 0x69b9b9d0U,
119
    0x17868691U, 0x99c1c158U, 0x3a1d1d27U, 0x279e9eb9U,
120
    0xd9e1e138U, 0xebf8f813U, 0x2b9898b3U, 0x22111133U,
121
    0xd26969bbU, 0xa9d9d970U, 0x078e8e89U, 0x339494a7U,
122
    0x2d9b9bb6U, 0x3c1e1e22U, 0x15878792U, 0xc9e9e920U,
123
    0x87cece49U, 0xaa5555ffU, 0x50282878U, 0xa5dfdf7aU,
124
    0x038c8c8fU, 0x59a1a1f8U, 0x09898980U, 0x1a0d0d17U,
125
    0x65bfbfdaU, 0xd7e6e631U, 0x844242c6U, 0xd06868b8U,
126
    0x824141c3U, 0x299999b0U, 0x5a2d2d77U, 0x1e0f0f11U,
127
    0x7bb0b0cbU, 0xa85454fcU, 0x6dbbbbd6U, 0x2c16163aU,
128
};
129
static const u32 Te1[256] = {
130
    0xa5c66363U, 0x84f87c7cU, 0x99ee7777U, 0x8df67b7bU,
131
    0x0dfff2f2U, 0xbdd66b6bU, 0xb1de6f6fU, 0x5491c5c5U,
132
    0x50603030U, 0x03020101U, 0xa9ce6767U, 0x7d562b2bU,
133
    0x19e7fefeU, 0x62b5d7d7U, 0xe64dababU, 0x9aec7676U,
134
    0x458fcacaU, 0x9d1f8282U, 0x4089c9c9U, 0x87fa7d7dU,
135
    0x15effafaU, 0xebb25959U, 0xc98e4747U, 0x0bfbf0f0U,
136
    0xec41adadU, 0x67b3d4d4U, 0xfd5fa2a2U, 0xea45afafU,
137
    0xbf239c9cU, 0xf753a4a4U, 0x96e47272U, 0x5b9bc0c0U,
138
    0xc275b7b7U, 0x1ce1fdfdU, 0xae3d9393U, 0x6a4c2626U,
139
    0x5a6c3636U, 0x417e3f3fU, 0x02f5f7f7U, 0x4f83ccccU,
140
    0x5c683434U, 0xf451a5a5U, 0x34d1e5e5U, 0x08f9f1f1U,
141
    0x93e27171U, 0x73abd8d8U, 0x53623131U, 0x3f2a1515U,
142
    0x0c080404U, 0x5295c7c7U, 0x65462323U, 0x5e9dc3c3U,
143
    0x28301818U, 0xa1379696U, 0x0f0a0505U, 0xb52f9a9aU,
144
    0x090e0707U, 0x36241212U, 0x9b1b8080U, 0x3ddfe2e2U,
145
    0x26cdebebU, 0x694e2727U, 0xcd7fb2b2U, 0x9fea7575U,
146
    0x1b120909U, 0x9e1d8383U, 0x74582c2cU, 0x2e341a1aU,
147
    0x2d361b1bU, 0xb2dc6e6eU, 0xeeb45a5aU, 0xfb5ba0a0U,
148
    0xf6a45252U, 0x4d763b3bU, 0x61b7d6d6U, 0xce7db3b3U,
149
    0x7b522929U, 0x3edde3e3U, 0x715e2f2fU, 0x97138484U,
150
    0xf5a65353U, 0x68b9d1d1U, 0x00000000U, 0x2cc1ededU,
151
    0x60402020U, 0x1fe3fcfcU, 0xc879b1b1U, 0xedb65b5bU,
152
    0xbed46a6aU, 0x468dcbcbU, 0xd967bebeU, 0x4b723939U,
153
    0xde944a4aU, 0xd4984c4cU, 0xe8b05858U, 0x4a85cfcfU,
154
    0x6bbbd0d0U, 0x2ac5efefU, 0xe54faaaaU, 0x16edfbfbU,
155
    0xc5864343U, 0xd79a4d4dU, 0x55663333U, 0x94118585U,
156
    0xcf8a4545U, 0x10e9f9f9U, 0x06040202U, 0x81fe7f7fU,
157
    0xf0a05050U, 0x44783c3cU, 0xba259f9fU, 0xe34ba8a8U,
158
    0xf3a25151U, 0xfe5da3a3U, 0xc0804040U, 0x8a058f8fU,
159
    0xad3f9292U, 0xbc219d9dU, 0x48703838U, 0x04f1f5f5U,
160
    0xdf63bcbcU, 0xc177b6b6U, 0x75afdadaU, 0x63422121U,
161
    0x30201010U, 0x1ae5ffffU, 0x0efdf3f3U, 0x6dbfd2d2U,
162
    0x4c81cdcdU, 0x14180c0cU, 0x35261313U, 0x2fc3ececU,
163
    0xe1be5f5fU, 0xa2359797U, 0xcc884444U, 0x392e1717U,
164
    0x5793c4c4U, 0xf255a7a7U, 0x82fc7e7eU, 0x477a3d3dU,
165
    0xacc86464U, 0xe7ba5d5dU, 0x2b321919U, 0x95e67373U,
166
    0xa0c06060U, 0x98198181U, 0xd19e4f4fU, 0x7fa3dcdcU,
167
    0x66442222U, 0x7e542a2aU, 0xab3b9090U, 0x830b8888U,
168
    0xca8c4646U, 0x29c7eeeeU, 0xd36bb8b8U, 0x3c281414U,
169
    0x79a7dedeU, 0xe2bc5e5eU, 0x1d160b0bU, 0x76addbdbU,
170
    0x3bdbe0e0U, 0x56643232U, 0x4e743a3aU, 0x1e140a0aU,
171
    0xdb924949U, 0x0a0c0606U, 0x6c482424U, 0xe4b85c5cU,
172
    0x5d9fc2c2U, 0x6ebdd3d3U, 0xef43acacU, 0xa6c46262U,
173
    0xa8399191U, 0xa4319595U, 0x37d3e4e4U, 0x8bf27979U,
174
    0x32d5e7e7U, 0x438bc8c8U, 0x596e3737U, 0xb7da6d6dU,
175
    0x8c018d8dU, 0x64b1d5d5U, 0xd29c4e4eU, 0xe049a9a9U,
176
    0xb4d86c6cU, 0xfaac5656U, 0x07f3f4f4U, 0x25cfeaeaU,
177
    0xafca6565U, 0x8ef47a7aU, 0xe947aeaeU, 0x18100808U,
178
    0xd56fbabaU, 0x88f07878U, 0x6f4a2525U, 0x725c2e2eU,
179
    0x24381c1cU, 0xf157a6a6U, 0xc773b4b4U, 0x5197c6c6U,
180
    0x23cbe8e8U, 0x7ca1ddddU, 0x9ce87474U, 0x213e1f1fU,
181
    0xdd964b4bU, 0xdc61bdbdU, 0x860d8b8bU, 0x850f8a8aU,
182
    0x90e07070U, 0x427c3e3eU, 0xc471b5b5U, 0xaacc6666U,
183
    0xd8904848U, 0x05060303U, 0x01f7f6f6U, 0x121c0e0eU,
184
    0xa3c26161U, 0x5f6a3535U, 0xf9ae5757U, 0xd069b9b9U,
185
    0x91178686U, 0x5899c1c1U, 0x273a1d1dU, 0xb9279e9eU,
186
    0x38d9e1e1U, 0x13ebf8f8U, 0xb32b9898U, 0x33221111U,
187
    0xbbd26969U, 0x70a9d9d9U, 0x89078e8eU, 0xa7339494U,
188
    0xb62d9b9bU, 0x223c1e1eU, 0x92158787U, 0x20c9e9e9U,
189
    0x4987ceceU, 0xffaa5555U, 0x78502828U, 0x7aa5dfdfU,
190
    0x8f038c8cU, 0xf859a1a1U, 0x80098989U, 0x171a0d0dU,
191
    0xda65bfbfU, 0x31d7e6e6U, 0xc6844242U, 0xb8d06868U,
192
    0xc3824141U, 0xb0299999U, 0x775a2d2dU, 0x111e0f0fU,
193
    0xcb7bb0b0U, 0xfca85454U, 0xd66dbbbbU, 0x3a2c1616U,
194
};
195
static const u32 Te2[256] = {
196
    0x63a5c663U, 0x7c84f87cU, 0x7799ee77U, 0x7b8df67bU,
197
    0xf20dfff2U, 0x6bbdd66bU, 0x6fb1de6fU, 0xc55491c5U,
198
    0x30506030U, 0x01030201U, 0x67a9ce67U, 0x2b7d562bU,
199
    0xfe19e7feU, 0xd762b5d7U, 0xabe64dabU, 0x769aec76U,
200
    0xca458fcaU, 0x829d1f82U, 0xc94089c9U, 0x7d87fa7dU,
201
    0xfa15effaU, 0x59ebb259U, 0x47c98e47U, 0xf00bfbf0U,
202
    0xadec41adU, 0xd467b3d4U, 0xa2fd5fa2U, 0xafea45afU,
203
    0x9cbf239cU, 0xa4f753a4U, 0x7296e472U, 0xc05b9bc0U,
204
    0xb7c275b7U, 0xfd1ce1fdU, 0x93ae3d93U, 0x266a4c26U,
205
    0x365a6c36U, 0x3f417e3fU, 0xf702f5f7U, 0xcc4f83ccU,
206
    0x345c6834U, 0xa5f451a5U, 0xe534d1e5U, 0xf108f9f1U,
207
    0x7193e271U, 0xd873abd8U, 0x31536231U, 0x153f2a15U,
208
    0x040c0804U, 0xc75295c7U, 0x23654623U, 0xc35e9dc3U,
209
    0x18283018U, 0x96a13796U, 0x050f0a05U, 0x9ab52f9aU,
210
    0x07090e07U, 0x12362412U, 0x809b1b80U, 0xe23ddfe2U,
211
    0xeb26cdebU, 0x27694e27U, 0xb2cd7fb2U, 0x759fea75U,
212
    0x091b1209U, 0x839e1d83U, 0x2c74582cU, 0x1a2e341aU,
213
    0x1b2d361bU, 0x6eb2dc6eU, 0x5aeeb45aU, 0xa0fb5ba0U,
214
    0x52f6a452U, 0x3b4d763bU, 0xd661b7d6U, 0xb3ce7db3U,
215
    0x297b5229U, 0xe33edde3U, 0x2f715e2fU, 0x84971384U,
216
    0x53f5a653U, 0xd168b9d1U, 0x00000000U, 0xed2cc1edU,
217
    0x20604020U, 0xfc1fe3fcU, 0xb1c879b1U, 0x5bedb65bU,
218
    0x6abed46aU, 0xcb468dcbU, 0xbed967beU, 0x394b7239U,
219
    0x4ade944aU, 0x4cd4984cU, 0x58e8b058U, 0xcf4a85cfU,
220
    0xd06bbbd0U, 0xef2ac5efU, 0xaae54faaU, 0xfb16edfbU,
221
    0x43c58643U, 0x4dd79a4dU, 0x33556633U, 0x85941185U,
222
    0x45cf8a45U, 0xf910e9f9U, 0x02060402U, 0x7f81fe7fU,
223
    0x50f0a050U, 0x3c44783cU, 0x9fba259fU, 0xa8e34ba8U,
224
    0x51f3a251U, 0xa3fe5da3U, 0x40c08040U, 0x8f8a058fU,
225
    0x92ad3f92U, 0x9dbc219dU, 0x38487038U, 0xf504f1f5U,
226
    0xbcdf63bcU, 0xb6c177b6U, 0xda75afdaU, 0x21634221U,
227
    0x10302010U, 0xff1ae5ffU, 0xf30efdf3U, 0xd26dbfd2U,
228
    0xcd4c81cdU, 0x0c14180cU, 0x13352613U, 0xec2fc3ecU,
229
    0x5fe1be5fU, 0x97a23597U, 0x44cc8844U, 0x17392e17U,
230
    0xc45793c4U, 0xa7f255a7U, 0x7e82fc7eU, 0x3d477a3dU,
231
    0x64acc864U, 0x5de7ba5dU, 0x192b3219U, 0x7395e673U,
232
    0x60a0c060U, 0x81981981U, 0x4fd19e4fU, 0xdc7fa3dcU,
233
    0x22664422U, 0x2a7e542aU, 0x90ab3b90U, 0x88830b88U,
234
    0x46ca8c46U, 0xee29c7eeU, 0xb8d36bb8U, 0x143c2814U,
235
    0xde79a7deU, 0x5ee2bc5eU, 0x0b1d160bU, 0xdb76addbU,
236
    0xe03bdbe0U, 0x32566432U, 0x3a4e743aU, 0x0a1e140aU,
237
    0x49db9249U, 0x060a0c06U, 0x246c4824U, 0x5ce4b85cU,
238
    0xc25d9fc2U, 0xd36ebdd3U, 0xacef43acU, 0x62a6c462U,
239
    0x91a83991U, 0x95a43195U, 0xe437d3e4U, 0x798bf279U,
240
    0xe732d5e7U, 0xc8438bc8U, 0x37596e37U, 0x6db7da6dU,
241
    0x8d8c018dU, 0xd564b1d5U, 0x4ed29c4eU, 0xa9e049a9U,
242
    0x6cb4d86cU, 0x56faac56U, 0xf407f3f4U, 0xea25cfeaU,
243
    0x65afca65U, 0x7a8ef47aU, 0xaee947aeU, 0x08181008U,
244
    0xbad56fbaU, 0x7888f078U, 0x256f4a25U, 0x2e725c2eU,
245
    0x1c24381cU, 0xa6f157a6U, 0xb4c773b4U, 0xc65197c6U,
246
    0xe823cbe8U, 0xdd7ca1ddU, 0x749ce874U, 0x1f213e1fU,
247
    0x4bdd964bU, 0xbddc61bdU, 0x8b860d8bU, 0x8a850f8aU,
248
    0x7090e070U, 0x3e427c3eU, 0xb5c471b5U, 0x66aacc66U,
249
    0x48d89048U, 0x03050603U, 0xf601f7f6U, 0x0e121c0eU,
250
    0x61a3c261U, 0x355f6a35U, 0x57f9ae57U, 0xb9d069b9U,
251
    0x86911786U, 0xc15899c1U, 0x1d273a1dU, 0x9eb9279eU,
252
    0xe138d9e1U, 0xf813ebf8U, 0x98b32b98U, 0x11332211U,
253
    0x69bbd269U, 0xd970a9d9U, 0x8e89078eU, 0x94a73394U,
254
    0x9bb62d9bU, 0x1e223c1eU, 0x87921587U, 0xe920c9e9U,
255
    0xce4987ceU, 0x55ffaa55U, 0x28785028U, 0xdf7aa5dfU,
256
    0x8c8f038cU, 0xa1f859a1U, 0x89800989U, 0x0d171a0dU,
257
    0xbfda65bfU, 0xe631d7e6U, 0x42c68442U, 0x68b8d068U,
258
    0x41c38241U, 0x99b02999U, 0x2d775a2dU, 0x0f111e0fU,
259
    0xb0cb7bb0U, 0x54fca854U, 0xbbd66dbbU, 0x163a2c16U,
260
};
261
static const u32 Te3[256] = {
262

    
263
    0x6363a5c6U, 0x7c7c84f8U, 0x777799eeU, 0x7b7b8df6U,
264
    0xf2f20dffU, 0x6b6bbdd6U, 0x6f6fb1deU, 0xc5c55491U,
265
    0x30305060U, 0x01010302U, 0x6767a9ceU, 0x2b2b7d56U,
266
    0xfefe19e7U, 0xd7d762b5U, 0xababe64dU, 0x76769aecU,
267
    0xcaca458fU, 0x82829d1fU, 0xc9c94089U, 0x7d7d87faU,
268
    0xfafa15efU, 0x5959ebb2U, 0x4747c98eU, 0xf0f00bfbU,
269
    0xadadec41U, 0xd4d467b3U, 0xa2a2fd5fU, 0xafafea45U,
270
    0x9c9cbf23U, 0xa4a4f753U, 0x727296e4U, 0xc0c05b9bU,
271
    0xb7b7c275U, 0xfdfd1ce1U, 0x9393ae3dU, 0x26266a4cU,
272
    0x36365a6cU, 0x3f3f417eU, 0xf7f702f5U, 0xcccc4f83U,
273
    0x34345c68U, 0xa5a5f451U, 0xe5e534d1U, 0xf1f108f9U,
274
    0x717193e2U, 0xd8d873abU, 0x31315362U, 0x15153f2aU,
275
    0x04040c08U, 0xc7c75295U, 0x23236546U, 0xc3c35e9dU,
276
    0x18182830U, 0x9696a137U, 0x05050f0aU, 0x9a9ab52fU,
277
    0x0707090eU, 0x12123624U, 0x80809b1bU, 0xe2e23ddfU,
278
    0xebeb26cdU, 0x2727694eU, 0xb2b2cd7fU, 0x75759feaU,
279
    0x09091b12U, 0x83839e1dU, 0x2c2c7458U, 0x1a1a2e34U,
280
    0x1b1b2d36U, 0x6e6eb2dcU, 0x5a5aeeb4U, 0xa0a0fb5bU,
281
    0x5252f6a4U, 0x3b3b4d76U, 0xd6d661b7U, 0xb3b3ce7dU,
282
    0x29297b52U, 0xe3e33eddU, 0x2f2f715eU, 0x84849713U,
283
    0x5353f5a6U, 0xd1d168b9U, 0x00000000U, 0xeded2cc1U,
284
    0x20206040U, 0xfcfc1fe3U, 0xb1b1c879U, 0x5b5bedb6U,
285
    0x6a6abed4U, 0xcbcb468dU, 0xbebed967U, 0x39394b72U,
286
    0x4a4ade94U, 0x4c4cd498U, 0x5858e8b0U, 0xcfcf4a85U,
287
    0xd0d06bbbU, 0xefef2ac5U, 0xaaaae54fU, 0xfbfb16edU,
288
    0x4343c586U, 0x4d4dd79aU, 0x33335566U, 0x85859411U,
289
    0x4545cf8aU, 0xf9f910e9U, 0x02020604U, 0x7f7f81feU,
290
    0x5050f0a0U, 0x3c3c4478U, 0x9f9fba25U, 0xa8a8e34bU,
291
    0x5151f3a2U, 0xa3a3fe5dU, 0x4040c080U, 0x8f8f8a05U,
292
    0x9292ad3fU, 0x9d9dbc21U, 0x38384870U, 0xf5f504f1U,
293
    0xbcbcdf63U, 0xb6b6c177U, 0xdada75afU, 0x21216342U,
294
    0x10103020U, 0xffff1ae5U, 0xf3f30efdU, 0xd2d26dbfU,
295
    0xcdcd4c81U, 0x0c0c1418U, 0x13133526U, 0xecec2fc3U,
296
    0x5f5fe1beU, 0x9797a235U, 0x4444cc88U, 0x1717392eU,
297
    0xc4c45793U, 0xa7a7f255U, 0x7e7e82fcU, 0x3d3d477aU,
298
    0x6464acc8U, 0x5d5de7baU, 0x19192b32U, 0x737395e6U,
299
    0x6060a0c0U, 0x81819819U, 0x4f4fd19eU, 0xdcdc7fa3U,
300
    0x22226644U, 0x2a2a7e54U, 0x9090ab3bU, 0x8888830bU,
301
    0x4646ca8cU, 0xeeee29c7U, 0xb8b8d36bU, 0x14143c28U,
302
    0xdede79a7U, 0x5e5ee2bcU, 0x0b0b1d16U, 0xdbdb76adU,
303
    0xe0e03bdbU, 0x32325664U, 0x3a3a4e74U, 0x0a0a1e14U,
304
    0x4949db92U, 0x06060a0cU, 0x24246c48U, 0x5c5ce4b8U,
305
    0xc2c25d9fU, 0xd3d36ebdU, 0xacacef43U, 0x6262a6c4U,
306
    0x9191a839U, 0x9595a431U, 0xe4e437d3U, 0x79798bf2U,
307
    0xe7e732d5U, 0xc8c8438bU, 0x3737596eU, 0x6d6db7daU,
308
    0x8d8d8c01U, 0xd5d564b1U, 0x4e4ed29cU, 0xa9a9e049U,
309
    0x6c6cb4d8U, 0x5656faacU, 0xf4f407f3U, 0xeaea25cfU,
310
    0x6565afcaU, 0x7a7a8ef4U, 0xaeaee947U, 0x08081810U,
311
    0xbabad56fU, 0x787888f0U, 0x25256f4aU, 0x2e2e725cU,
312
    0x1c1c2438U, 0xa6a6f157U, 0xb4b4c773U, 0xc6c65197U,
313
    0xe8e823cbU, 0xdddd7ca1U, 0x74749ce8U, 0x1f1f213eU,
314
    0x4b4bdd96U, 0xbdbddc61U, 0x8b8b860dU, 0x8a8a850fU,
315
    0x707090e0U, 0x3e3e427cU, 0xb5b5c471U, 0x6666aaccU,
316
    0x4848d890U, 0x03030506U, 0xf6f601f7U, 0x0e0e121cU,
317
    0x6161a3c2U, 0x35355f6aU, 0x5757f9aeU, 0xb9b9d069U,
318
    0x86869117U, 0xc1c15899U, 0x1d1d273aU, 0x9e9eb927U,
319
    0xe1e138d9U, 0xf8f813ebU, 0x9898b32bU, 0x11113322U,
320
    0x6969bbd2U, 0xd9d970a9U, 0x8e8e8907U, 0x9494a733U,
321
    0x9b9bb62dU, 0x1e1e223cU, 0x87879215U, 0xe9e920c9U,
322
    0xcece4987U, 0x5555ffaaU, 0x28287850U, 0xdfdf7aa5U,
323
    0x8c8c8f03U, 0xa1a1f859U, 0x89898009U, 0x0d0d171aU,
324
    0xbfbfda65U, 0xe6e631d7U, 0x4242c684U, 0x6868b8d0U,
325
    0x4141c382U, 0x9999b029U, 0x2d2d775aU, 0x0f0f111eU,
326
    0xb0b0cb7bU, 0x5454fca8U, 0xbbbbd66dU, 0x16163a2cU,
327
};
328
static const u32 Te4[256] = {
329
    0x63636363U, 0x7c7c7c7cU, 0x77777777U, 0x7b7b7b7bU,
330
    0xf2f2f2f2U, 0x6b6b6b6bU, 0x6f6f6f6fU, 0xc5c5c5c5U,
331
    0x30303030U, 0x01010101U, 0x67676767U, 0x2b2b2b2bU,
332
    0xfefefefeU, 0xd7d7d7d7U, 0xababababU, 0x76767676U,
333
    0xcacacacaU, 0x82828282U, 0xc9c9c9c9U, 0x7d7d7d7dU,
334
    0xfafafafaU, 0x59595959U, 0x47474747U, 0xf0f0f0f0U,
335
    0xadadadadU, 0xd4d4d4d4U, 0xa2a2a2a2U, 0xafafafafU,
336
    0x9c9c9c9cU, 0xa4a4a4a4U, 0x72727272U, 0xc0c0c0c0U,
337
    0xb7b7b7b7U, 0xfdfdfdfdU, 0x93939393U, 0x26262626U,
338
    0x36363636U, 0x3f3f3f3fU, 0xf7f7f7f7U, 0xccccccccU,
339
    0x34343434U, 0xa5a5a5a5U, 0xe5e5e5e5U, 0xf1f1f1f1U,
340
    0x71717171U, 0xd8d8d8d8U, 0x31313131U, 0x15151515U,
341
    0x04040404U, 0xc7c7c7c7U, 0x23232323U, 0xc3c3c3c3U,
342
    0x18181818U, 0x96969696U, 0x05050505U, 0x9a9a9a9aU,
343
    0x07070707U, 0x12121212U, 0x80808080U, 0xe2e2e2e2U,
344
    0xebebebebU, 0x27272727U, 0xb2b2b2b2U, 0x75757575U,
345
    0x09090909U, 0x83838383U, 0x2c2c2c2cU, 0x1a1a1a1aU,
346
    0x1b1b1b1bU, 0x6e6e6e6eU, 0x5a5a5a5aU, 0xa0a0a0a0U,
347
    0x52525252U, 0x3b3b3b3bU, 0xd6d6d6d6U, 0xb3b3b3b3U,
348
    0x29292929U, 0xe3e3e3e3U, 0x2f2f2f2fU, 0x84848484U,
349
    0x53535353U, 0xd1d1d1d1U, 0x00000000U, 0xededededU,
350
    0x20202020U, 0xfcfcfcfcU, 0xb1b1b1b1U, 0x5b5b5b5bU,
351
    0x6a6a6a6aU, 0xcbcbcbcbU, 0xbebebebeU, 0x39393939U,
352
    0x4a4a4a4aU, 0x4c4c4c4cU, 0x58585858U, 0xcfcfcfcfU,
353
    0xd0d0d0d0U, 0xefefefefU, 0xaaaaaaaaU, 0xfbfbfbfbU,
354
    0x43434343U, 0x4d4d4d4dU, 0x33333333U, 0x85858585U,
355
    0x45454545U, 0xf9f9f9f9U, 0x02020202U, 0x7f7f7f7fU,
356
    0x50505050U, 0x3c3c3c3cU, 0x9f9f9f9fU, 0xa8a8a8a8U,
357
    0x51515151U, 0xa3a3a3a3U, 0x40404040U, 0x8f8f8f8fU,
358
    0x92929292U, 0x9d9d9d9dU, 0x38383838U, 0xf5f5f5f5U,
359
    0xbcbcbcbcU, 0xb6b6b6b6U, 0xdadadadaU, 0x21212121U,
360
    0x10101010U, 0xffffffffU, 0xf3f3f3f3U, 0xd2d2d2d2U,
361
    0xcdcdcdcdU, 0x0c0c0c0cU, 0x13131313U, 0xececececU,
362
    0x5f5f5f5fU, 0x97979797U, 0x44444444U, 0x17171717U,
363
    0xc4c4c4c4U, 0xa7a7a7a7U, 0x7e7e7e7eU, 0x3d3d3d3dU,
364
    0x64646464U, 0x5d5d5d5dU, 0x19191919U, 0x73737373U,
365
    0x60606060U, 0x81818181U, 0x4f4f4f4fU, 0xdcdcdcdcU,
366
    0x22222222U, 0x2a2a2a2aU, 0x90909090U, 0x88888888U,
367
    0x46464646U, 0xeeeeeeeeU, 0xb8b8b8b8U, 0x14141414U,
368
    0xdedededeU, 0x5e5e5e5eU, 0x0b0b0b0bU, 0xdbdbdbdbU,
369
    0xe0e0e0e0U, 0x32323232U, 0x3a3a3a3aU, 0x0a0a0a0aU,
370
    0x49494949U, 0x06060606U, 0x24242424U, 0x5c5c5c5cU,
371
    0xc2c2c2c2U, 0xd3d3d3d3U, 0xacacacacU, 0x62626262U,
372
    0x91919191U, 0x95959595U, 0xe4e4e4e4U, 0x79797979U,
373
    0xe7e7e7e7U, 0xc8c8c8c8U, 0x37373737U, 0x6d6d6d6dU,
374
    0x8d8d8d8dU, 0xd5d5d5d5U, 0x4e4e4e4eU, 0xa9a9a9a9U,
375
    0x6c6c6c6cU, 0x56565656U, 0xf4f4f4f4U, 0xeaeaeaeaU,
376
    0x65656565U, 0x7a7a7a7aU, 0xaeaeaeaeU, 0x08080808U,
377
    0xbabababaU, 0x78787878U, 0x25252525U, 0x2e2e2e2eU,
378
    0x1c1c1c1cU, 0xa6a6a6a6U, 0xb4b4b4b4U, 0xc6c6c6c6U,
379
    0xe8e8e8e8U, 0xddddddddU, 0x74747474U, 0x1f1f1f1fU,
380
    0x4b4b4b4bU, 0xbdbdbdbdU, 0x8b8b8b8bU, 0x8a8a8a8aU,
381
    0x70707070U, 0x3e3e3e3eU, 0xb5b5b5b5U, 0x66666666U,
382
    0x48484848U, 0x03030303U, 0xf6f6f6f6U, 0x0e0e0e0eU,
383
    0x61616161U, 0x35353535U, 0x57575757U, 0xb9b9b9b9U,
384
    0x86868686U, 0xc1c1c1c1U, 0x1d1d1d1dU, 0x9e9e9e9eU,
385
    0xe1e1e1e1U, 0xf8f8f8f8U, 0x98989898U, 0x11111111U,
386
    0x69696969U, 0xd9d9d9d9U, 0x8e8e8e8eU, 0x94949494U,
387
    0x9b9b9b9bU, 0x1e1e1e1eU, 0x87878787U, 0xe9e9e9e9U,
388
    0xcecececeU, 0x55555555U, 0x28282828U, 0xdfdfdfdfU,
389
    0x8c8c8c8cU, 0xa1a1a1a1U, 0x89898989U, 0x0d0d0d0dU,
390
    0xbfbfbfbfU, 0xe6e6e6e6U, 0x42424242U, 0x68686868U,
391
    0x41414141U, 0x99999999U, 0x2d2d2d2dU, 0x0f0f0f0fU,
392
    0xb0b0b0b0U, 0x54545454U, 0xbbbbbbbbU, 0x16161616U,
393
};
394
static const u32 Td0[256] = {
395
    0x51f4a750U, 0x7e416553U, 0x1a17a4c3U, 0x3a275e96U,
396
    0x3bab6bcbU, 0x1f9d45f1U, 0xacfa58abU, 0x4be30393U,
397
    0x2030fa55U, 0xad766df6U, 0x88cc7691U, 0xf5024c25U,
398
    0x4fe5d7fcU, 0xc52acbd7U, 0x26354480U, 0xb562a38fU,
399
    0xdeb15a49U, 0x25ba1b67U, 0x45ea0e98U, 0x5dfec0e1U,
400
    0xc32f7502U, 0x814cf012U, 0x8d4697a3U, 0x6bd3f9c6U,
401
    0x038f5fe7U, 0x15929c95U, 0xbf6d7aebU, 0x955259daU,
402
    0xd4be832dU, 0x587421d3U, 0x49e06929U, 0x8ec9c844U,
403
    0x75c2896aU, 0xf48e7978U, 0x99583e6bU, 0x27b971ddU,
404
    0xbee14fb6U, 0xf088ad17U, 0xc920ac66U, 0x7dce3ab4U,
405
    0x63df4a18U, 0xe51a3182U, 0x97513360U, 0x62537f45U,
406
    0xb16477e0U, 0xbb6bae84U, 0xfe81a01cU, 0xf9082b94U,
407
    0x70486858U, 0x8f45fd19U, 0x94de6c87U, 0x527bf8b7U,
408
    0xab73d323U, 0x724b02e2U, 0xe31f8f57U, 0x6655ab2aU,
409
    0xb2eb2807U, 0x2fb5c203U, 0x86c57b9aU, 0xd33708a5U,
410
    0x302887f2U, 0x23bfa5b2U, 0x02036abaU, 0xed16825cU,
411
    0x8acf1c2bU, 0xa779b492U, 0xf307f2f0U, 0x4e69e2a1U,
412
    0x65daf4cdU, 0x0605bed5U, 0xd134621fU, 0xc4a6fe8aU,
413
    0x342e539dU, 0xa2f355a0U, 0x058ae132U, 0xa4f6eb75U,
414
    0x0b83ec39U, 0x4060efaaU, 0x5e719f06U, 0xbd6e1051U,
415
    0x3e218af9U, 0x96dd063dU, 0xdd3e05aeU, 0x4de6bd46U,
416
    0x91548db5U, 0x71c45d05U, 0x0406d46fU, 0x605015ffU,
417
    0x1998fb24U, 0xd6bde997U, 0x894043ccU, 0x67d99e77U,
418
    0xb0e842bdU, 0x07898b88U, 0xe7195b38U, 0x79c8eedbU,
419
    0xa17c0a47U, 0x7c420fe9U, 0xf8841ec9U, 0x00000000U,
420
    0x09808683U, 0x322bed48U, 0x1e1170acU, 0x6c5a724eU,
421
    0xfd0efffbU, 0x0f853856U, 0x3daed51eU, 0x362d3927U,
422
    0x0a0fd964U, 0x685ca621U, 0x9b5b54d1U, 0x24362e3aU,
423
    0x0c0a67b1U, 0x9357e70fU, 0xb4ee96d2U, 0x1b9b919eU,
424
    0x80c0c54fU, 0x61dc20a2U, 0x5a774b69U, 0x1c121a16U,
425
    0xe293ba0aU, 0xc0a02ae5U, 0x3c22e043U, 0x121b171dU,
426
    0x0e090d0bU, 0xf28bc7adU, 0x2db6a8b9U, 0x141ea9c8U,
427
    0x57f11985U, 0xaf75074cU, 0xee99ddbbU, 0xa37f60fdU,
428
    0xf701269fU, 0x5c72f5bcU, 0x44663bc5U, 0x5bfb7e34U,
429
    0x8b432976U, 0xcb23c6dcU, 0xb6edfc68U, 0xb8e4f163U,
430
    0xd731dccaU, 0x42638510U, 0x13972240U, 0x84c61120U,
431
    0x854a247dU, 0xd2bb3df8U, 0xaef93211U, 0xc729a16dU,
432
    0x1d9e2f4bU, 0xdcb230f3U, 0x0d8652ecU, 0x77c1e3d0U,
433
    0x2bb3166cU, 0xa970b999U, 0x119448faU, 0x47e96422U,
434
    0xa8fc8cc4U, 0xa0f03f1aU, 0x567d2cd8U, 0x223390efU,
435
    0x87494ec7U, 0xd938d1c1U, 0x8ccaa2feU, 0x98d40b36U,
436
    0xa6f581cfU, 0xa57ade28U, 0xdab78e26U, 0x3fadbfa4U,
437
    0x2c3a9de4U, 0x5078920dU, 0x6a5fcc9bU, 0x547e4662U,
438
    0xf68d13c2U, 0x90d8b8e8U, 0x2e39f75eU, 0x82c3aff5U,
439
    0x9f5d80beU, 0x69d0937cU, 0x6fd52da9U, 0xcf2512b3U,
440
    0xc8ac993bU, 0x10187da7U, 0xe89c636eU, 0xdb3bbb7bU,
441
    0xcd267809U, 0x6e5918f4U, 0xec9ab701U, 0x834f9aa8U,
442
    0xe6956e65U, 0xaaffe67eU, 0x21bccf08U, 0xef15e8e6U,
443
    0xbae79bd9U, 0x4a6f36ceU, 0xea9f09d4U, 0x29b07cd6U,
444
    0x31a4b2afU, 0x2a3f2331U, 0xc6a59430U, 0x35a266c0U,
445
    0x744ebc37U, 0xfc82caa6U, 0xe090d0b0U, 0x33a7d815U,
446
    0xf104984aU, 0x41ecdaf7U, 0x7fcd500eU, 0x1791f62fU,
447
    0x764dd68dU, 0x43efb04dU, 0xccaa4d54U, 0xe49604dfU,
448
    0x9ed1b5e3U, 0x4c6a881bU, 0xc12c1fb8U, 0x4665517fU,
449
    0x9d5eea04U, 0x018c355dU, 0xfa877473U, 0xfb0b412eU,
450
    0xb3671d5aU, 0x92dbd252U, 0xe9105633U, 0x6dd64713U,
451
    0x9ad7618cU, 0x37a10c7aU, 0x59f8148eU, 0xeb133c89U,
452
    0xcea927eeU, 0xb761c935U, 0xe11ce5edU, 0x7a47b13cU,
453
    0x9cd2df59U, 0x55f2733fU, 0x1814ce79U, 0x73c737bfU,
454
    0x53f7cdeaU, 0x5ffdaa5bU, 0xdf3d6f14U, 0x7844db86U,
455
    0xcaaff381U, 0xb968c43eU, 0x3824342cU, 0xc2a3405fU,
456
    0x161dc372U, 0xbce2250cU, 0x283c498bU, 0xff0d9541U,
457
    0x39a80171U, 0x080cb3deU, 0xd8b4e49cU, 0x6456c190U,
458
    0x7bcb8461U, 0xd532b670U, 0x486c5c74U, 0xd0b85742U,
459
};
460
static const u32 Td1[256] = {
461
    0x5051f4a7U, 0x537e4165U, 0xc31a17a4U, 0x963a275eU,
462
    0xcb3bab6bU, 0xf11f9d45U, 0xabacfa58U, 0x934be303U,
463
    0x552030faU, 0xf6ad766dU, 0x9188cc76U, 0x25f5024cU,
464
    0xfc4fe5d7U, 0xd7c52acbU, 0x80263544U, 0x8fb562a3U,
465
    0x49deb15aU, 0x6725ba1bU, 0x9845ea0eU, 0xe15dfec0U,
466
    0x02c32f75U, 0x12814cf0U, 0xa38d4697U, 0xc66bd3f9U,
467
    0xe7038f5fU, 0x9515929cU, 0xebbf6d7aU, 0xda955259U,
468
    0x2dd4be83U, 0xd3587421U, 0x2949e069U, 0x448ec9c8U,
469
    0x6a75c289U, 0x78f48e79U, 0x6b99583eU, 0xdd27b971U,
470
    0xb6bee14fU, 0x17f088adU, 0x66c920acU, 0xb47dce3aU,
471
    0x1863df4aU, 0x82e51a31U, 0x60975133U, 0x4562537fU,
472
    0xe0b16477U, 0x84bb6baeU, 0x1cfe81a0U, 0x94f9082bU,
473
    0x58704868U, 0x198f45fdU, 0x8794de6cU, 0xb7527bf8U,
474
    0x23ab73d3U, 0xe2724b02U, 0x57e31f8fU, 0x2a6655abU,
475
    0x07b2eb28U, 0x032fb5c2U, 0x9a86c57bU, 0xa5d33708U,
476
    0xf2302887U, 0xb223bfa5U, 0xba02036aU, 0x5ced1682U,
477
    0x2b8acf1cU, 0x92a779b4U, 0xf0f307f2U, 0xa14e69e2U,
478
    0xcd65daf4U, 0xd50605beU, 0x1fd13462U, 0x8ac4a6feU,
479
    0x9d342e53U, 0xa0a2f355U, 0x32058ae1U, 0x75a4f6ebU,
480
    0x390b83ecU, 0xaa4060efU, 0x065e719fU, 0x51bd6e10U,
481
    0xf93e218aU, 0x3d96dd06U, 0xaedd3e05U, 0x464de6bdU,
482
    0xb591548dU, 0x0571c45dU, 0x6f0406d4U, 0xff605015U,
483
    0x241998fbU, 0x97d6bde9U, 0xcc894043U, 0x7767d99eU,
484
    0xbdb0e842U, 0x8807898bU, 0x38e7195bU, 0xdb79c8eeU,
485
    0x47a17c0aU, 0xe97c420fU, 0xc9f8841eU, 0x00000000U,
486
    0x83098086U, 0x48322bedU, 0xac1e1170U, 0x4e6c5a72U,
487
    0xfbfd0effU, 0x560f8538U, 0x1e3daed5U, 0x27362d39U,
488
    0x640a0fd9U, 0x21685ca6U, 0xd19b5b54U, 0x3a24362eU,
489
    0xb10c0a67U, 0x0f9357e7U, 0xd2b4ee96U, 0x9e1b9b91U,
490
    0x4f80c0c5U, 0xa261dc20U, 0x695a774bU, 0x161c121aU,
491
    0x0ae293baU, 0xe5c0a02aU, 0x433c22e0U, 0x1d121b17U,
492
    0x0b0e090dU, 0xadf28bc7U, 0xb92db6a8U, 0xc8141ea9U,
493
    0x8557f119U, 0x4caf7507U, 0xbbee99ddU, 0xfda37f60U,
494
    0x9ff70126U, 0xbc5c72f5U, 0xc544663bU, 0x345bfb7eU,
495
    0x768b4329U, 0xdccb23c6U, 0x68b6edfcU, 0x63b8e4f1U,
496
    0xcad731dcU, 0x10426385U, 0x40139722U, 0x2084c611U,
497
    0x7d854a24U, 0xf8d2bb3dU, 0x11aef932U, 0x6dc729a1U,
498
    0x4b1d9e2fU, 0xf3dcb230U, 0xec0d8652U, 0xd077c1e3U,
499
    0x6c2bb316U, 0x99a970b9U, 0xfa119448U, 0x2247e964U,
500
    0xc4a8fc8cU, 0x1aa0f03fU, 0xd8567d2cU, 0xef223390U,
501
    0xc787494eU, 0xc1d938d1U, 0xfe8ccaa2U, 0x3698d40bU,
502
    0xcfa6f581U, 0x28a57adeU, 0x26dab78eU, 0xa43fadbfU,
503
    0xe42c3a9dU, 0x0d507892U, 0x9b6a5fccU, 0x62547e46U,
504
    0xc2f68d13U, 0xe890d8b8U, 0x5e2e39f7U, 0xf582c3afU,
505
    0xbe9f5d80U, 0x7c69d093U, 0xa96fd52dU, 0xb3cf2512U,
506
    0x3bc8ac99U, 0xa710187dU, 0x6ee89c63U, 0x7bdb3bbbU,
507
    0x09cd2678U, 0xf46e5918U, 0x01ec9ab7U, 0xa8834f9aU,
508
    0x65e6956eU, 0x7eaaffe6U, 0x0821bccfU, 0xe6ef15e8U,
509
    0xd9bae79bU, 0xce4a6f36U, 0xd4ea9f09U, 0xd629b07cU,
510
    0xaf31a4b2U, 0x312a3f23U, 0x30c6a594U, 0xc035a266U,
511
    0x37744ebcU, 0xa6fc82caU, 0xb0e090d0U, 0x1533a7d8U,
512
    0x4af10498U, 0xf741ecdaU, 0x0e7fcd50U, 0x2f1791f6U,
513
    0x8d764dd6U, 0x4d43efb0U, 0x54ccaa4dU, 0xdfe49604U,
514
    0xe39ed1b5U, 0x1b4c6a88U, 0xb8c12c1fU, 0x7f466551U,
515
    0x049d5eeaU, 0x5d018c35U, 0x73fa8774U, 0x2efb0b41U,
516
    0x5ab3671dU, 0x5292dbd2U, 0x33e91056U, 0x136dd647U,
517
    0x8c9ad761U, 0x7a37a10cU, 0x8e59f814U, 0x89eb133cU,
518
    0xeecea927U, 0x35b761c9U, 0xede11ce5U, 0x3c7a47b1U,
519
    0x599cd2dfU, 0x3f55f273U, 0x791814ceU, 0xbf73c737U,
520
    0xea53f7cdU, 0x5b5ffdaaU, 0x14df3d6fU, 0x867844dbU,
521
    0x81caaff3U, 0x3eb968c4U, 0x2c382434U, 0x5fc2a340U,
522
    0x72161dc3U, 0x0cbce225U, 0x8b283c49U, 0x41ff0d95U,
523
    0x7139a801U, 0xde080cb3U, 0x9cd8b4e4U, 0x906456c1U,
524
    0x617bcb84U, 0x70d532b6U, 0x74486c5cU, 0x42d0b857U,
525
};
526
static const u32 Td2[256] = {
527
    0xa75051f4U, 0x65537e41U, 0xa4c31a17U, 0x5e963a27U,
528
    0x6bcb3babU, 0x45f11f9dU, 0x58abacfaU, 0x03934be3U,
529
    0xfa552030U, 0x6df6ad76U, 0x769188ccU, 0x4c25f502U,
530
    0xd7fc4fe5U, 0xcbd7c52aU, 0x44802635U, 0xa38fb562U,
531
    0x5a49deb1U, 0x1b6725baU, 0x0e9845eaU, 0xc0e15dfeU,
532
    0x7502c32fU, 0xf012814cU, 0x97a38d46U, 0xf9c66bd3U,
533
    0x5fe7038fU, 0x9c951592U, 0x7aebbf6dU, 0x59da9552U,
534
    0x832dd4beU, 0x21d35874U, 0x692949e0U, 0xc8448ec9U,
535
    0x896a75c2U, 0x7978f48eU, 0x3e6b9958U, 0x71dd27b9U,
536
    0x4fb6bee1U, 0xad17f088U, 0xac66c920U, 0x3ab47dceU,
537
    0x4a1863dfU, 0x3182e51aU, 0x33609751U, 0x7f456253U,
538
    0x77e0b164U, 0xae84bb6bU, 0xa01cfe81U, 0x2b94f908U,
539
    0x68587048U, 0xfd198f45U, 0x6c8794deU, 0xf8b7527bU,
540
    0xd323ab73U, 0x02e2724bU, 0x8f57e31fU, 0xab2a6655U,
541
    0x2807b2ebU, 0xc2032fb5U, 0x7b9a86c5U, 0x08a5d337U,
542
    0x87f23028U, 0xa5b223bfU, 0x6aba0203U, 0x825ced16U,
543
    0x1c2b8acfU, 0xb492a779U, 0xf2f0f307U, 0xe2a14e69U,
544
    0xf4cd65daU, 0xbed50605U, 0x621fd134U, 0xfe8ac4a6U,
545
    0x539d342eU, 0x55a0a2f3U, 0xe132058aU, 0xeb75a4f6U,
546
    0xec390b83U, 0xefaa4060U, 0x9f065e71U, 0x1051bd6eU,
547

    
548
    0x8af93e21U, 0x063d96ddU, 0x05aedd3eU, 0xbd464de6U,
549
    0x8db59154U, 0x5d0571c4U, 0xd46f0406U, 0x15ff6050U,
550
    0xfb241998U, 0xe997d6bdU, 0x43cc8940U, 0x9e7767d9U,
551
    0x42bdb0e8U, 0x8b880789U, 0x5b38e719U, 0xeedb79c8U,
552
    0x0a47a17cU, 0x0fe97c42U, 0x1ec9f884U, 0x00000000U,
553
    0x86830980U, 0xed48322bU, 0x70ac1e11U, 0x724e6c5aU,
554
    0xfffbfd0eU, 0x38560f85U, 0xd51e3daeU, 0x3927362dU,
555
    0xd9640a0fU, 0xa621685cU, 0x54d19b5bU, 0x2e3a2436U,
556
    0x67b10c0aU, 0xe70f9357U, 0x96d2b4eeU, 0x919e1b9bU,
557
    0xc54f80c0U, 0x20a261dcU, 0x4b695a77U, 0x1a161c12U,
558
    0xba0ae293U, 0x2ae5c0a0U, 0xe0433c22U, 0x171d121bU,
559
    0x0d0b0e09U, 0xc7adf28bU, 0xa8b92db6U, 0xa9c8141eU,
560
    0x198557f1U, 0x074caf75U, 0xddbbee99U, 0x60fda37fU,
561
    0x269ff701U, 0xf5bc5c72U, 0x3bc54466U, 0x7e345bfbU,
562
    0x29768b43U, 0xc6dccb23U, 0xfc68b6edU, 0xf163b8e4U,
563
    0xdccad731U, 0x85104263U, 0x22401397U, 0x112084c6U,
564
    0x247d854aU, 0x3df8d2bbU, 0x3211aef9U, 0xa16dc729U,
565
    0x2f4b1d9eU, 0x30f3dcb2U, 0x52ec0d86U, 0xe3d077c1U,
566
    0x166c2bb3U, 0xb999a970U, 0x48fa1194U, 0x642247e9U,
567
    0x8cc4a8fcU, 0x3f1aa0f0U, 0x2cd8567dU, 0x90ef2233U,
568
    0x4ec78749U, 0xd1c1d938U, 0xa2fe8ccaU, 0x0b3698d4U,
569
    0x81cfa6f5U, 0xde28a57aU, 0x8e26dab7U, 0xbfa43fadU,
570
    0x9de42c3aU, 0x920d5078U, 0xcc9b6a5fU, 0x4662547eU,
571
    0x13c2f68dU, 0xb8e890d8U, 0xf75e2e39U, 0xaff582c3U,
572
    0x80be9f5dU, 0x937c69d0U, 0x2da96fd5U, 0x12b3cf25U,
573
    0x993bc8acU, 0x7da71018U, 0x636ee89cU, 0xbb7bdb3bU,
574
    0x7809cd26U, 0x18f46e59U, 0xb701ec9aU, 0x9aa8834fU,
575
    0x6e65e695U, 0xe67eaaffU, 0xcf0821bcU, 0xe8e6ef15U,
576
    0x9bd9bae7U, 0x36ce4a6fU, 0x09d4ea9fU, 0x7cd629b0U,
577
    0xb2af31a4U, 0x23312a3fU, 0x9430c6a5U, 0x66c035a2U,
578
    0xbc37744eU, 0xcaa6fc82U, 0xd0b0e090U, 0xd81533a7U,
579
    0x984af104U, 0xdaf741ecU, 0x500e7fcdU, 0xf62f1791U,
580
    0xd68d764dU, 0xb04d43efU, 0x4d54ccaaU, 0x04dfe496U,
581
    0xb5e39ed1U, 0x881b4c6aU, 0x1fb8c12cU, 0x517f4665U,
582
    0xea049d5eU, 0x355d018cU, 0x7473fa87U, 0x412efb0bU,
583
    0x1d5ab367U, 0xd25292dbU, 0x5633e910U, 0x47136dd6U,
584
    0x618c9ad7U, 0x0c7a37a1U, 0x148e59f8U, 0x3c89eb13U,
585
    0x27eecea9U, 0xc935b761U, 0xe5ede11cU, 0xb13c7a47U,
586
    0xdf599cd2U, 0x733f55f2U, 0xce791814U, 0x37bf73c7U,
587
    0xcdea53f7U, 0xaa5b5ffdU, 0x6f14df3dU, 0xdb867844U,
588
    0xf381caafU, 0xc43eb968U, 0x342c3824U, 0x405fc2a3U,
589
    0xc372161dU, 0x250cbce2U, 0x498b283cU, 0x9541ff0dU,
590
    0x017139a8U, 0xb3de080cU, 0xe49cd8b4U, 0xc1906456U,
591
    0x84617bcbU, 0xb670d532U, 0x5c74486cU, 0x5742d0b8U,
592
};
593
static const u32 Td3[256] = {
594
    0xf4a75051U, 0x4165537eU, 0x17a4c31aU, 0x275e963aU,
595
    0xab6bcb3bU, 0x9d45f11fU, 0xfa58abacU, 0xe303934bU,
596
    0x30fa5520U, 0x766df6adU, 0xcc769188U, 0x024c25f5U,
597
    0xe5d7fc4fU, 0x2acbd7c5U, 0x35448026U, 0x62a38fb5U,
598
    0xb15a49deU, 0xba1b6725U, 0xea0e9845U, 0xfec0e15dU,
599
    0x2f7502c3U, 0x4cf01281U, 0x4697a38dU, 0xd3f9c66bU,
600
    0x8f5fe703U, 0x929c9515U, 0x6d7aebbfU, 0x5259da95U,
601
    0xbe832dd4U, 0x7421d358U, 0xe0692949U, 0xc9c8448eU,
602
    0xc2896a75U, 0x8e7978f4U, 0x583e6b99U, 0xb971dd27U,
603
    0xe14fb6beU, 0x88ad17f0U, 0x20ac66c9U, 0xce3ab47dU,
604
    0xdf4a1863U, 0x1a3182e5U, 0x51336097U, 0x537f4562U,
605
    0x6477e0b1U, 0x6bae84bbU, 0x81a01cfeU, 0x082b94f9U,
606
    0x48685870U, 0x45fd198fU, 0xde6c8794U, 0x7bf8b752U,
607
    0x73d323abU, 0x4b02e272U, 0x1f8f57e3U, 0x55ab2a66U,
608
    0xeb2807b2U, 0xb5c2032fU, 0xc57b9a86U, 0x3708a5d3U,
609
    0x2887f230U, 0xbfa5b223U, 0x036aba02U, 0x16825cedU,
610
    0xcf1c2b8aU, 0x79b492a7U, 0x07f2f0f3U, 0x69e2a14eU,
611
    0xdaf4cd65U, 0x05bed506U, 0x34621fd1U, 0xa6fe8ac4U,
612
    0x2e539d34U, 0xf355a0a2U, 0x8ae13205U, 0xf6eb75a4U,
613
    0x83ec390bU, 0x60efaa40U, 0x719f065eU, 0x6e1051bdU,
614
    0x218af93eU, 0xdd063d96U, 0x3e05aeddU, 0xe6bd464dU,
615
    0x548db591U, 0xc45d0571U, 0x06d46f04U, 0x5015ff60U,
616
    0x98fb2419U, 0xbde997d6U, 0x4043cc89U, 0xd99e7767U,
617
    0xe842bdb0U, 0x898b8807U, 0x195b38e7U, 0xc8eedb79U,
618
    0x7c0a47a1U, 0x420fe97cU, 0x841ec9f8U, 0x00000000U,
619
    0x80868309U, 0x2bed4832U, 0x1170ac1eU, 0x5a724e6cU,
620
    0x0efffbfdU, 0x8538560fU, 0xaed51e3dU, 0x2d392736U,
621
    0x0fd9640aU, 0x5ca62168U, 0x5b54d19bU, 0x362e3a24U,
622
    0x0a67b10cU, 0x57e70f93U, 0xee96d2b4U, 0x9b919e1bU,
623
    0xc0c54f80U, 0xdc20a261U, 0x774b695aU, 0x121a161cU,
624
    0x93ba0ae2U, 0xa02ae5c0U, 0x22e0433cU, 0x1b171d12U,
625
    0x090d0b0eU, 0x8bc7adf2U, 0xb6a8b92dU, 0x1ea9c814U,
626
    0xf1198557U, 0x75074cafU, 0x99ddbbeeU, 0x7f60fda3U,
627
    0x01269ff7U, 0x72f5bc5cU, 0x663bc544U, 0xfb7e345bU,
628
    0x4329768bU, 0x23c6dccbU, 0xedfc68b6U, 0xe4f163b8U,
629
    0x31dccad7U, 0x63851042U, 0x97224013U, 0xc6112084U,
630
    0x4a247d85U, 0xbb3df8d2U, 0xf93211aeU, 0x29a16dc7U,
631
    0x9e2f4b1dU, 0xb230f3dcU, 0x8652ec0dU, 0xc1e3d077U,
632
    0xb3166c2bU, 0x70b999a9U, 0x9448fa11U, 0xe9642247U,
633
    0xfc8cc4a8U, 0xf03f1aa0U, 0x7d2cd856U, 0x3390ef22U,
634
    0x494ec787U, 0x38d1c1d9U, 0xcaa2fe8cU, 0xd40b3698U,
635
    0xf581cfa6U, 0x7ade28a5U, 0xb78e26daU, 0xadbfa43fU,
636
    0x3a9de42cU, 0x78920d50U, 0x5fcc9b6aU, 0x7e466254U,
637
    0x8d13c2f6U, 0xd8b8e890U, 0x39f75e2eU, 0xc3aff582U,
638
    0x5d80be9fU, 0xd0937c69U, 0xd52da96fU, 0x2512b3cfU,
639
    0xac993bc8U, 0x187da710U, 0x9c636ee8U, 0x3bbb7bdbU,
640
    0x267809cdU, 0x5918f46eU, 0x9ab701ecU, 0x4f9aa883U,
641
    0x956e65e6U, 0xffe67eaaU, 0xbccf0821U, 0x15e8e6efU,
642
    0xe79bd9baU, 0x6f36ce4aU, 0x9f09d4eaU, 0xb07cd629U,
643
    0xa4b2af31U, 0x3f23312aU, 0xa59430c6U, 0xa266c035U,
644
    0x4ebc3774U, 0x82caa6fcU, 0x90d0b0e0U, 0xa7d81533U,
645
    0x04984af1U, 0xecdaf741U, 0xcd500e7fU, 0x91f62f17U,
646
    0x4dd68d76U, 0xefb04d43U, 0xaa4d54ccU, 0x9604dfe4U,
647
    0xd1b5e39eU, 0x6a881b4cU, 0x2c1fb8c1U, 0x65517f46U,
648
    0x5eea049dU, 0x8c355d01U, 0x877473faU, 0x0b412efbU,
649
    0x671d5ab3U, 0xdbd25292U, 0x105633e9U, 0xd647136dU,
650
    0xd7618c9aU, 0xa10c7a37U, 0xf8148e59U, 0x133c89ebU,
651
    0xa927eeceU, 0x61c935b7U, 0x1ce5ede1U, 0x47b13c7aU,
652
    0xd2df599cU, 0xf2733f55U, 0x14ce7918U, 0xc737bf73U,
653
    0xf7cdea53U, 0xfdaa5b5fU, 0x3d6f14dfU, 0x44db8678U,
654
    0xaff381caU, 0x68c43eb9U, 0x24342c38U, 0xa3405fc2U,
655
    0x1dc37216U, 0xe2250cbcU, 0x3c498b28U, 0x0d9541ffU,
656
    0xa8017139U, 0x0cb3de08U, 0xb4e49cd8U, 0x56c19064U,
657
    0xcb84617bU, 0x32b670d5U, 0x6c5c7448U, 0xb85742d0U,
658
};
659
static const u32 Td4[256] = {
660
    0x52525252U, 0x09090909U, 0x6a6a6a6aU, 0xd5d5d5d5U,
661
    0x30303030U, 0x36363636U, 0xa5a5a5a5U, 0x38383838U,
662
    0xbfbfbfbfU, 0x40404040U, 0xa3a3a3a3U, 0x9e9e9e9eU,
663
    0x81818181U, 0xf3f3f3f3U, 0xd7d7d7d7U, 0xfbfbfbfbU,
664
    0x7c7c7c7cU, 0xe3e3e3e3U, 0x39393939U, 0x82828282U,
665
    0x9b9b9b9bU, 0x2f2f2f2fU, 0xffffffffU, 0x87878787U,
666
    0x34343434U, 0x8e8e8e8eU, 0x43434343U, 0x44444444U,
667
    0xc4c4c4c4U, 0xdedededeU, 0xe9e9e9e9U, 0xcbcbcbcbU,
668
    0x54545454U, 0x7b7b7b7bU, 0x94949494U, 0x32323232U,
669
    0xa6a6a6a6U, 0xc2c2c2c2U, 0x23232323U, 0x3d3d3d3dU,
670
    0xeeeeeeeeU, 0x4c4c4c4cU, 0x95959595U, 0x0b0b0b0bU,
671
    0x42424242U, 0xfafafafaU, 0xc3c3c3c3U, 0x4e4e4e4eU,
672
    0x08080808U, 0x2e2e2e2eU, 0xa1a1a1a1U, 0x66666666U,
673
    0x28282828U, 0xd9d9d9d9U, 0x24242424U, 0xb2b2b2b2U,
674
    0x76767676U, 0x5b5b5b5bU, 0xa2a2a2a2U, 0x49494949U,
675
    0x6d6d6d6dU, 0x8b8b8b8bU, 0xd1d1d1d1U, 0x25252525U,
676
    0x72727272U, 0xf8f8f8f8U, 0xf6f6f6f6U, 0x64646464U,
677
    0x86868686U, 0x68686868U, 0x98989898U, 0x16161616U,
678
    0xd4d4d4d4U, 0xa4a4a4a4U, 0x5c5c5c5cU, 0xccccccccU,
679
    0x5d5d5d5dU, 0x65656565U, 0xb6b6b6b6U, 0x92929292U,
680
    0x6c6c6c6cU, 0x70707070U, 0x48484848U, 0x50505050U,
681
    0xfdfdfdfdU, 0xededededU, 0xb9b9b9b9U, 0xdadadadaU,
682
    0x5e5e5e5eU, 0x15151515U, 0x46464646U, 0x57575757U,
683
    0xa7a7a7a7U, 0x8d8d8d8dU, 0x9d9d9d9dU, 0x84848484U,
684
    0x90909090U, 0xd8d8d8d8U, 0xababababU, 0x00000000U,
685
    0x8c8c8c8cU, 0xbcbcbcbcU, 0xd3d3d3d3U, 0x0a0a0a0aU,
686
    0xf7f7f7f7U, 0xe4e4e4e4U, 0x58585858U, 0x05050505U,
687
    0xb8b8b8b8U, 0xb3b3b3b3U, 0x45454545U, 0x06060606U,
688
    0xd0d0d0d0U, 0x2c2c2c2cU, 0x1e1e1e1eU, 0x8f8f8f8fU,
689
    0xcacacacaU, 0x3f3f3f3fU, 0x0f0f0f0fU, 0x02020202U,
690
    0xc1c1c1c1U, 0xafafafafU, 0xbdbdbdbdU, 0x03030303U,
691
    0x01010101U, 0x13131313U, 0x8a8a8a8aU, 0x6b6b6b6bU,
692
    0x3a3a3a3aU, 0x91919191U, 0x11111111U, 0x41414141U,
693
    0x4f4f4f4fU, 0x67676767U, 0xdcdcdcdcU, 0xeaeaeaeaU,
694
    0x97979797U, 0xf2f2f2f2U, 0xcfcfcfcfU, 0xcecececeU,
695
    0xf0f0f0f0U, 0xb4b4b4b4U, 0xe6e6e6e6U, 0x73737373U,
696
    0x96969696U, 0xacacacacU, 0x74747474U, 0x22222222U,
697
    0xe7e7e7e7U, 0xadadadadU, 0x35353535U, 0x85858585U,
698
    0xe2e2e2e2U, 0xf9f9f9f9U, 0x37373737U, 0xe8e8e8e8U,
699
    0x1c1c1c1cU, 0x75757575U, 0xdfdfdfdfU, 0x6e6e6e6eU,
700
    0x47474747U, 0xf1f1f1f1U, 0x1a1a1a1aU, 0x71717171U,
701
    0x1d1d1d1dU, 0x29292929U, 0xc5c5c5c5U, 0x89898989U,
702
    0x6f6f6f6fU, 0xb7b7b7b7U, 0x62626262U, 0x0e0e0e0eU,
703
    0xaaaaaaaaU, 0x18181818U, 0xbebebebeU, 0x1b1b1b1bU,
704
    0xfcfcfcfcU, 0x56565656U, 0x3e3e3e3eU, 0x4b4b4b4bU,
705
    0xc6c6c6c6U, 0xd2d2d2d2U, 0x79797979U, 0x20202020U,
706
    0x9a9a9a9aU, 0xdbdbdbdbU, 0xc0c0c0c0U, 0xfefefefeU,
707
    0x78787878U, 0xcdcdcdcdU, 0x5a5a5a5aU, 0xf4f4f4f4U,
708
    0x1f1f1f1fU, 0xddddddddU, 0xa8a8a8a8U, 0x33333333U,
709
    0x88888888U, 0x07070707U, 0xc7c7c7c7U, 0x31313131U,
710
    0xb1b1b1b1U, 0x12121212U, 0x10101010U, 0x59595959U,
711
    0x27272727U, 0x80808080U, 0xececececU, 0x5f5f5f5fU,
712
    0x60606060U, 0x51515151U, 0x7f7f7f7fU, 0xa9a9a9a9U,
713
    0x19191919U, 0xb5b5b5b5U, 0x4a4a4a4aU, 0x0d0d0d0dU,
714
    0x2d2d2d2dU, 0xe5e5e5e5U, 0x7a7a7a7aU, 0x9f9f9f9fU,
715
    0x93939393U, 0xc9c9c9c9U, 0x9c9c9c9cU, 0xefefefefU,
716
    0xa0a0a0a0U, 0xe0e0e0e0U, 0x3b3b3b3bU, 0x4d4d4d4dU,
717
    0xaeaeaeaeU, 0x2a2a2a2aU, 0xf5f5f5f5U, 0xb0b0b0b0U,
718
    0xc8c8c8c8U, 0xebebebebU, 0xbbbbbbbbU, 0x3c3c3c3cU,
719
    0x83838383U, 0x53535353U, 0x99999999U, 0x61616161U,
720
    0x17171717U, 0x2b2b2b2bU, 0x04040404U, 0x7e7e7e7eU,
721
    0xbabababaU, 0x77777777U, 0xd6d6d6d6U, 0x26262626U,
722
    0xe1e1e1e1U, 0x69696969U, 0x14141414U, 0x63636363U,
723
    0x55555555U, 0x21212121U, 0x0c0c0c0cU, 0x7d7d7d7dU,
724
};
725
static const u32 rcon[] = {
726
        0x01000000, 0x02000000, 0x04000000, 0x08000000,
727
        0x10000000, 0x20000000, 0x40000000, 0x80000000,
728
        0x1B000000, 0x36000000, /* for 128-bit blocks, Rijndael never uses more than 10 rcon values */
729
};
730

    
731
/**
732
 * Expand the cipher key into the encryption key schedule.
733
 */
734
int AES_set_encrypt_key(const unsigned char *userKey, const int bits,
735
                        AES_KEY *key) {
736

    
737
        u32 *rk;
738
           int i = 0;
739
        u32 temp;
740

    
741
        if (!userKey || !key)
742
                return -1;
743
        if (bits != 128 && bits != 192 && bits != 256)
744
                return -2;
745

    
746
        rk = key->rd_key;
747

    
748
        if (bits==128)
749
                key->rounds = 10;
750
        else if (bits==192)
751
                key->rounds = 12;
752
        else
753
                key->rounds = 14;
754

    
755
        rk[0] = GETU32(userKey     );
756
        rk[1] = GETU32(userKey +  4);
757
        rk[2] = GETU32(userKey +  8);
758
        rk[3] = GETU32(userKey + 12);
759
        if (bits == 128) {
760
                while (1) {
761
                        temp  = rk[3];
762
                        rk[4] = rk[0] ^
763
                                (Te4[(temp >> 16) & 0xff] & 0xff000000) ^
764
                                (Te4[(temp >>  8) & 0xff] & 0x00ff0000) ^
765
                                (Te4[(temp      ) & 0xff] & 0x0000ff00) ^
766
                                (Te4[(temp >> 24)       ] & 0x000000ff) ^
767
                                rcon[i];
768
                        rk[5] = rk[1] ^ rk[4];
769
                        rk[6] = rk[2] ^ rk[5];
770
                        rk[7] = rk[3] ^ rk[6];
771
                        if (++i == 10) {
772
                                return 0;
773
                        }
774
                        rk += 4;
775
                }
776
        }
777
        rk[4] = GETU32(userKey + 16);
778
        rk[5] = GETU32(userKey + 20);
779
        if (bits == 192) {
780
                while (1) {
781
                        temp = rk[ 5];
782
                        rk[ 6] = rk[ 0] ^
783
                                (Te4[(temp >> 16) & 0xff] & 0xff000000) ^
784
                                (Te4[(temp >>  8) & 0xff] & 0x00ff0000) ^
785
                                (Te4[(temp      ) & 0xff] & 0x0000ff00) ^
786
                                (Te4[(temp >> 24)       ] & 0x000000ff) ^
787
                                rcon[i];
788
                        rk[ 7] = rk[ 1] ^ rk[ 6];
789
                        rk[ 8] = rk[ 2] ^ rk[ 7];
790
                        rk[ 9] = rk[ 3] ^ rk[ 8];
791
                        if (++i == 8) {
792
                                return 0;
793
                        }
794
                        rk[10] = rk[ 4] ^ rk[ 9];
795
                        rk[11] = rk[ 5] ^ rk[10];
796
                        rk += 6;
797
                }
798
        }
799
        rk[6] = GETU32(userKey + 24);
800
        rk[7] = GETU32(userKey + 28);
801
        if (bits == 256) {
802
                while (1) {
803
                        temp = rk[ 7];
804
                        rk[ 8] = rk[ 0] ^
805
                                (Te4[(temp >> 16) & 0xff] & 0xff000000) ^
806
                                (Te4[(temp >>  8) & 0xff] & 0x00ff0000) ^
807
                                (Te4[(temp      ) & 0xff] & 0x0000ff00) ^
808
                                (Te4[(temp >> 24)       ] & 0x000000ff) ^
809
                                rcon[i];
810
                        rk[ 9] = rk[ 1] ^ rk[ 8];
811
                        rk[10] = rk[ 2] ^ rk[ 9];
812
                        rk[11] = rk[ 3] ^ rk[10];
813
                        if (++i == 7) {
814
                                return 0;
815
                        }
816
                        temp = rk[11];
817
                        rk[12] = rk[ 4] ^
818
                                (Te4[(temp >> 24)       ] & 0xff000000) ^
819
                                (Te4[(temp >> 16) & 0xff] & 0x00ff0000) ^
820
                                (Te4[(temp >>  8) & 0xff] & 0x0000ff00) ^
821
                                (Te4[(temp      ) & 0xff] & 0x000000ff);
822
                        rk[13] = rk[ 5] ^ rk[12];
823
                        rk[14] = rk[ 6] ^ rk[13];
824
                        rk[15] = rk[ 7] ^ rk[14];
825

    
826
                        rk += 8;
827
                }
828
        }
829
        return 0;
830
}
831

    
832
/**
833
 * Expand the cipher key into the decryption key schedule.
834
 */
835
int AES_set_decrypt_key(const unsigned char *userKey, const int bits,
836
                         AES_KEY *key) {
837

    
838
        u32 *rk;
839
        int i, j, status;
840
        u32 temp;
841

    
842
        /* first, start with an encryption schedule */
843
        status = AES_set_encrypt_key(userKey, bits, key);
844
        if (status < 0)
845
                return status;
846

    
847
        rk = key->rd_key;
848

    
849
        /* invert the order of the round keys: */
850
        for (i = 0, j = 4*(key->rounds); i < j; i += 4, j -= 4) {
851
                temp = rk[i    ]; rk[i    ] = rk[j    ]; rk[j    ] = temp;
852
                temp = rk[i + 1]; rk[i + 1] = rk[j + 1]; rk[j + 1] = temp;
853
                temp = rk[i + 2]; rk[i + 2] = rk[j + 2]; rk[j + 2] = temp;
854
                temp = rk[i + 3]; rk[i + 3] = rk[j + 3]; rk[j + 3] = temp;
855
        }
856
        /* apply the inverse MixColumn transform to all round keys but the first and the last: */
857
        for (i = 1; i < (key->rounds); i++) {
858
                rk += 4;
859
                rk[0] =
860
                        Td0[Te4[(rk[0] >> 24)       ] & 0xff] ^
861
                        Td1[Te4[(rk[0] >> 16) & 0xff] & 0xff] ^
862
                        Td2[Te4[(rk[0] >>  8) & 0xff] & 0xff] ^
863
                        Td3[Te4[(rk[0]      ) & 0xff] & 0xff];
864
                rk[1] =
865
                        Td0[Te4[(rk[1] >> 24)       ] & 0xff] ^
866
                        Td1[Te4[(rk[1] >> 16) & 0xff] & 0xff] ^
867
                        Td2[Te4[(rk[1] >>  8) & 0xff] & 0xff] ^
868
                        Td3[Te4[(rk[1]      ) & 0xff] & 0xff];
869
                rk[2] =
870
                        Td0[Te4[(rk[2] >> 24)       ] & 0xff] ^
871
                        Td1[Te4[(rk[2] >> 16) & 0xff] & 0xff] ^
872
                        Td2[Te4[(rk[2] >>  8) & 0xff] & 0xff] ^
873
                        Td3[Te4[(rk[2]      ) & 0xff] & 0xff];
874
                rk[3] =
875
                        Td0[Te4[(rk[3] >> 24)       ] & 0xff] ^
876
                        Td1[Te4[(rk[3] >> 16) & 0xff] & 0xff] ^
877
                        Td2[Te4[(rk[3] >>  8) & 0xff] & 0xff] ^
878
                        Td3[Te4[(rk[3]      ) & 0xff] & 0xff];
879
        }
880
        return 0;
881
}
882

    
883
#ifndef AES_ASM
884
/*
885
 * Encrypt a single block
886
 * in and out can overlap
887
 */
888
void AES_encrypt(const unsigned char *in, unsigned char *out,
889
                 const AES_KEY *key) {
890

    
891
        const u32 *rk;
892
        u32 s0, s1, s2, s3, t0, t1, t2, t3;
893
#ifndef FULL_UNROLL
894
        int r;
895
#endif /* ?FULL_UNROLL */
896

    
897
        assert(in && out && key);
898
        rk = key->rd_key;
899

    
900
        /*
901
         * map byte array block to cipher state
902
         * and add initial round key:
903
         */
904
        s0 = GETU32(in     ) ^ rk[0];
905
        s1 = GETU32(in +  4) ^ rk[1];
906
        s2 = GETU32(in +  8) ^ rk[2];
907
        s3 = GETU32(in + 12) ^ rk[3];
908
#ifdef FULL_UNROLL
909
        /* round 1: */
910
           t0 = Te0[s0 >> 24] ^ Te1[(s1 >> 16) & 0xff] ^ Te2[(s2 >>  8) & 0xff] ^ Te3[s3 & 0xff] ^ rk[ 4];
911
           t1 = Te0[s1 >> 24] ^ Te1[(s2 >> 16) & 0xff] ^ Te2[(s3 >>  8) & 0xff] ^ Te3[s0 & 0xff] ^ rk[ 5];
912
           t2 = Te0[s2 >> 24] ^ Te1[(s3 >> 16) & 0xff] ^ Te2[(s0 >>  8) & 0xff] ^ Te3[s1 & 0xff] ^ rk[ 6];
913
           t3 = Te0[s3 >> 24] ^ Te1[(s0 >> 16) & 0xff] ^ Te2[(s1 >>  8) & 0xff] ^ Te3[s2 & 0xff] ^ rk[ 7];
914
           /* round 2: */
915
           s0 = Te0[t0 >> 24] ^ Te1[(t1 >> 16) & 0xff] ^ Te2[(t2 >>  8) & 0xff] ^ Te3[t3 & 0xff] ^ rk[ 8];
916
           s1 = Te0[t1 >> 24] ^ Te1[(t2 >> 16) & 0xff] ^ Te2[(t3 >>  8) & 0xff] ^ Te3[t0 & 0xff] ^ rk[ 9];
917
           s2 = Te0[t2 >> 24] ^ Te1[(t3 >> 16) & 0xff] ^ Te2[(t0 >>  8) & 0xff] ^ Te3[t1 & 0xff] ^ rk[10];
918
           s3 = Te0[t3 >> 24] ^ Te1[(t0 >> 16) & 0xff] ^ Te2[(t1 >>  8) & 0xff] ^ Te3[t2 & 0xff] ^ rk[11];
919
        /* round 3: */
920
           t0 = Te0[s0 >> 24] ^ Te1[(s1 >> 16) & 0xff] ^ Te2[(s2 >>  8) & 0xff] ^ Te3[s3 & 0xff] ^ rk[12];
921
           t1 = Te0[s1 >> 24] ^ Te1[(s2 >> 16) & 0xff] ^ Te2[(s3 >>  8) & 0xff] ^ Te3[s0 & 0xff] ^ rk[13];
922
           t2 = Te0[s2 >> 24] ^ Te1[(s3 >> 16) & 0xff] ^ Te2[(s0 >>  8) & 0xff] ^ Te3[s1 & 0xff] ^ rk[14];
923
           t3 = Te0[s3 >> 24] ^ Te1[(s0 >> 16) & 0xff] ^ Te2[(s1 >>  8) & 0xff] ^ Te3[s2 & 0xff] ^ rk[15];
924
           /* round 4: */
925
           s0 = Te0[t0 >> 24] ^ Te1[(t1 >> 16) & 0xff] ^ Te2[(t2 >>  8) & 0xff] ^ Te3[t3 & 0xff] ^ rk[16];
926
           s1 = Te0[t1 >> 24] ^ Te1[(t2 >> 16) & 0xff] ^ Te2[(t3 >>  8) & 0xff] ^ Te3[t0 & 0xff] ^ rk[17];
927
           s2 = Te0[t2 >> 24] ^ Te1[(t3 >> 16) & 0xff] ^ Te2[(t0 >>  8) & 0xff] ^ Te3[t1 & 0xff] ^ rk[18];
928
           s3 = Te0[t3 >> 24] ^ Te1[(t0 >> 16) & 0xff] ^ Te2[(t1 >>  8) & 0xff] ^ Te3[t2 & 0xff] ^ rk[19];
929
        /* round 5: */
930
           t0 = Te0[s0 >> 24] ^ Te1[(s1 >> 16) & 0xff] ^ Te2[(s2 >>  8) & 0xff] ^ Te3[s3 & 0xff] ^ rk[20];
931
           t1 = Te0[s1 >> 24] ^ Te1[(s2 >> 16) & 0xff] ^ Te2[(s3 >>  8) & 0xff] ^ Te3[s0 & 0xff] ^ rk[21];
932
           t2 = Te0[s2 >> 24] ^ Te1[(s3 >> 16) & 0xff] ^ Te2[(s0 >>  8) & 0xff] ^ Te3[s1 & 0xff] ^ rk[22];
933
           t3 = Te0[s3 >> 24] ^ Te1[(s0 >> 16) & 0xff] ^ Te2[(s1 >>  8) & 0xff] ^ Te3[s2 & 0xff] ^ rk[23];
934
           /* round 6: */
935
           s0 = Te0[t0 >> 24] ^ Te1[(t1 >> 16) & 0xff] ^ Te2[(t2 >>  8) & 0xff] ^ Te3[t3 & 0xff] ^ rk[24];
936
           s1 = Te0[t1 >> 24] ^ Te1[(t2 >> 16) & 0xff] ^ Te2[(t3 >>  8) & 0xff] ^ Te3[t0 & 0xff] ^ rk[25];
937
           s2 = Te0[t2 >> 24] ^ Te1[(t3 >> 16) & 0xff] ^ Te2[(t0 >>  8) & 0xff] ^ Te3[t1 & 0xff] ^ rk[26];
938
           s3 = Te0[t3 >> 24] ^ Te1[(t0 >> 16) & 0xff] ^ Te2[(t1 >>  8) & 0xff] ^ Te3[t2 & 0xff] ^ rk[27];
939
        /* round 7: */
940
           t0 = Te0[s0 >> 24] ^ Te1[(s1 >> 16) & 0xff] ^ Te2[(s2 >>  8) & 0xff] ^ Te3[s3 & 0xff] ^ rk[28];
941
           t1 = Te0[s1 >> 24] ^ Te1[(s2 >> 16) & 0xff] ^ Te2[(s3 >>  8) & 0xff] ^ Te3[s0 & 0xff] ^ rk[29];
942
           t2 = Te0[s2 >> 24] ^ Te1[(s3 >> 16) & 0xff] ^ Te2[(s0 >>  8) & 0xff] ^ Te3[s1 & 0xff] ^ rk[30];
943
           t3 = Te0[s3 >> 24] ^ Te1[(s0 >> 16) & 0xff] ^ Te2[(s1 >>  8) & 0xff] ^ Te3[s2 & 0xff] ^ rk[31];
944
           /* round 8: */
945
           s0 = Te0[t0 >> 24] ^ Te1[(t1 >> 16) & 0xff] ^ Te2[(t2 >>  8) & 0xff] ^ Te3[t3 & 0xff] ^ rk[32];
946
           s1 = Te0[t1 >> 24] ^ Te1[(t2 >> 16) & 0xff] ^ Te2[(t3 >>  8) & 0xff] ^ Te3[t0 & 0xff] ^ rk[33];
947
           s2 = Te0[t2 >> 24] ^ Te1[(t3 >> 16) & 0xff] ^ Te2[(t0 >>  8) & 0xff] ^ Te3[t1 & 0xff] ^ rk[34];
948
           s3 = Te0[t3 >> 24] ^ Te1[(t0 >> 16) & 0xff] ^ Te2[(t1 >>  8) & 0xff] ^ Te3[t2 & 0xff] ^ rk[35];
949
        /* round 9: */
950
           t0 = Te0[s0 >> 24] ^ Te1[(s1 >> 16) & 0xff] ^ Te2[(s2 >>  8) & 0xff] ^ Te3[s3 & 0xff] ^ rk[36];
951
           t1 = Te0[s1 >> 24] ^ Te1[(s2 >> 16) & 0xff] ^ Te2[(s3 >>  8) & 0xff] ^ Te3[s0 & 0xff] ^ rk[37];
952
           t2 = Te0[s2 >> 24] ^ Te1[(s3 >> 16) & 0xff] ^ Te2[(s0 >>  8) & 0xff] ^ Te3[s1 & 0xff] ^ rk[38];
953
           t3 = Te0[s3 >> 24] ^ Te1[(s0 >> 16) & 0xff] ^ Te2[(s1 >>  8) & 0xff] ^ Te3[s2 & 0xff] ^ rk[39];
954
    if (key->rounds > 10) {
955
        /* round 10: */
956
        s0 = Te0[t0 >> 24] ^ Te1[(t1 >> 16) & 0xff] ^ Te2[(t2 >>  8) & 0xff] ^ Te3[t3 & 0xff] ^ rk[40];
957
        s1 = Te0[t1 >> 24] ^ Te1[(t2 >> 16) & 0xff] ^ Te2[(t3 >>  8) & 0xff] ^ Te3[t0 & 0xff] ^ rk[41];
958
        s2 = Te0[t2 >> 24] ^ Te1[(t3 >> 16) & 0xff] ^ Te2[(t0 >>  8) & 0xff] ^ Te3[t1 & 0xff] ^ rk[42];
959
        s3 = Te0[t3 >> 24] ^ Te1[(t0 >> 16) & 0xff] ^ Te2[(t1 >>  8) & 0xff] ^ Te3[t2 & 0xff] ^ rk[43];
960
        /* round 11: */
961
        t0 = Te0[s0 >> 24] ^ Te1[(s1 >> 16) & 0xff] ^ Te2[(s2 >>  8) & 0xff] ^ Te3[s3 & 0xff] ^ rk[44];
962
        t1 = Te0[s1 >> 24] ^ Te1[(s2 >> 16) & 0xff] ^ Te2[(s3 >>  8) & 0xff] ^ Te3[s0 & 0xff] ^ rk[45];
963
        t2 = Te0[s2 >> 24] ^ Te1[(s3 >> 16) & 0xff] ^ Te2[(s0 >>  8) & 0xff] ^ Te3[s1 & 0xff] ^ rk[46];
964
        t3 = Te0[s3 >> 24] ^ Te1[(s0 >> 16) & 0xff] ^ Te2[(s1 >>  8) & 0xff] ^ Te3[s2 & 0xff] ^ rk[47];
965
        if (key->rounds > 12) {
966
            /* round 12: */
967
            s0 = Te0[t0 >> 24] ^ Te1[(t1 >> 16) & 0xff] ^ Te2[(t2 >>  8) & 0xff] ^ Te3[t3 & 0xff] ^ rk[48];
968
            s1 = Te0[t1 >> 24] ^ Te1[(t2 >> 16) & 0xff] ^ Te2[(t3 >>  8) & 0xff] ^ Te3[t0 & 0xff] ^ rk[49];
969
            s2 = Te0[t2 >> 24] ^ Te1[(t3 >> 16) & 0xff] ^ Te2[(t0 >>  8) & 0xff] ^ Te3[t1 & 0xff] ^ rk[50];
970
            s3 = Te0[t3 >> 24] ^ Te1[(t0 >> 16) & 0xff] ^ Te2[(t1 >>  8) & 0xff] ^ Te3[t2 & 0xff] ^ rk[51];
971
            /* round 13: */
972
            t0 = Te0[s0 >> 24] ^ Te1[(s1 >> 16) & 0xff] ^ Te2[(s2 >>  8) & 0xff] ^ Te3[s3 & 0xff] ^ rk[52];
973
            t1 = Te0[s1 >> 24] ^ Te1[(s2 >> 16) & 0xff] ^ Te2[(s3 >>  8) & 0xff] ^ Te3[s0 & 0xff] ^ rk[53];
974
            t2 = Te0[s2 >> 24] ^ Te1[(s3 >> 16) & 0xff] ^ Te2[(s0 >>  8) & 0xff] ^ Te3[s1 & 0xff] ^ rk[54];
975
            t3 = Te0[s3 >> 24] ^ Te1[(s0 >> 16) & 0xff] ^ Te2[(s1 >>  8) & 0xff] ^ Te3[s2 & 0xff] ^ rk[55];
976
        }
977
    }
978
    rk += key->rounds << 2;
979
#else  /* !FULL_UNROLL */
980
    /*
981
     * Nr - 1 full rounds:
982
     */
983
    r = key->rounds >> 1;
984
    for (;;) {
985
        t0 =
986
            Te0[(s0 >> 24)       ] ^
987
            Te1[(s1 >> 16) & 0xff] ^
988
            Te2[(s2 >>  8) & 0xff] ^
989
            Te3[(s3      ) & 0xff] ^
990
            rk[4];
991
        t1 =
992
            Te0[(s1 >> 24)       ] ^
993
            Te1[(s2 >> 16) & 0xff] ^
994
            Te2[(s3 >>  8) & 0xff] ^
995
            Te3[(s0      ) & 0xff] ^
996
            rk[5];
997
        t2 =
998
            Te0[(s2 >> 24)       ] ^
999
            Te1[(s3 >> 16) & 0xff] ^
1000
            Te2[(s0 >>  8) & 0xff] ^
1001
            Te3[(s1      ) & 0xff] ^
1002
            rk[6];
1003
        t3 =
1004
            Te0[(s3 >> 24)       ] ^
1005
            Te1[(s0 >> 16) & 0xff] ^
1006
            Te2[(s1 >>  8) & 0xff] ^
1007
            Te3[(s2      ) & 0xff] ^
1008
            rk[7];
1009

    
1010
        rk += 8;
1011
        if (--r == 0) {
1012
            break;
1013
        }
1014

    
1015
        s0 =
1016
            Te0[(t0 >> 24)       ] ^
1017
            Te1[(t1 >> 16) & 0xff] ^
1018
            Te2[(t2 >>  8) & 0xff] ^
1019
            Te3[(t3      ) & 0xff] ^
1020
            rk[0];
1021
        s1 =
1022
            Te0[(t1 >> 24)       ] ^
1023
            Te1[(t2 >> 16) & 0xff] ^
1024
            Te2[(t3 >>  8) & 0xff] ^
1025
            Te3[(t0      ) & 0xff] ^
1026
            rk[1];
1027
        s2 =
1028
            Te0[(t2 >> 24)       ] ^
1029
            Te1[(t3 >> 16) & 0xff] ^
1030
            Te2[(t0 >>  8) & 0xff] ^
1031
            Te3[(t1      ) & 0xff] ^
1032
            rk[2];
1033
        s3 =
1034
            Te0[(t3 >> 24)       ] ^
1035
            Te1[(t0 >> 16) & 0xff] ^
1036
            Te2[(t1 >>  8) & 0xff] ^
1037
            Te3[(t2      ) & 0xff] ^
1038
            rk[3];
1039
    }
1040
#endif /* ?FULL_UNROLL */
1041
    /*
1042
         * apply last round and
1043
         * map cipher state to byte array block:
1044
         */
1045
        s0 =
1046
                (Te4[(t0 >> 24)       ] & 0xff000000) ^
1047
                (Te4[(t1 >> 16) & 0xff] & 0x00ff0000) ^
1048
                (Te4[(t2 >>  8) & 0xff] & 0x0000ff00) ^
1049
                (Te4[(t3      ) & 0xff] & 0x000000ff) ^
1050
                rk[0];
1051
        PUTU32(out     , s0);
1052
        s1 =
1053
                (Te4[(t1 >> 24)       ] & 0xff000000) ^
1054
                (Te4[(t2 >> 16) & 0xff] & 0x00ff0000) ^
1055
                (Te4[(t3 >>  8) & 0xff] & 0x0000ff00) ^
1056
                (Te4[(t0      ) & 0xff] & 0x000000ff) ^
1057
                rk[1];
1058
        PUTU32(out +  4, s1);
1059
        s2 =
1060
                (Te4[(t2 >> 24)       ] & 0xff000000) ^
1061
                (Te4[(t3 >> 16) & 0xff] & 0x00ff0000) ^
1062
                (Te4[(t0 >>  8) & 0xff] & 0x0000ff00) ^
1063
                (Te4[(t1      ) & 0xff] & 0x000000ff) ^
1064
                rk[2];
1065
        PUTU32(out +  8, s2);
1066
        s3 =
1067
                (Te4[(t3 >> 24)       ] & 0xff000000) ^
1068
                (Te4[(t0 >> 16) & 0xff] & 0x00ff0000) ^
1069
                (Te4[(t1 >>  8) & 0xff] & 0x0000ff00) ^
1070
                (Te4[(t2      ) & 0xff] & 0x000000ff) ^
1071
                rk[3];
1072
        PUTU32(out + 12, s3);
1073
}
1074

    
1075
/*
1076
 * Decrypt a single block
1077
 * in and out can overlap
1078
 */
1079
void AES_decrypt(const unsigned char *in, unsigned char *out,
1080
                 const AES_KEY *key) {
1081

    
1082
        const u32 *rk;
1083
        u32 s0, s1, s2, s3, t0, t1, t2, t3;
1084
#ifndef FULL_UNROLL
1085
        int r;
1086
#endif /* ?FULL_UNROLL */
1087

    
1088
        assert(in && out && key);
1089
        rk = key->rd_key;
1090

    
1091
        /*
1092
         * map byte array block to cipher state
1093
         * and add initial round key:
1094
         */
1095
    s0 = GETU32(in     ) ^ rk[0];
1096
    s1 = GETU32(in +  4) ^ rk[1];
1097
    s2 = GETU32(in +  8) ^ rk[2];
1098
    s3 = GETU32(in + 12) ^ rk[3];
1099
#ifdef FULL_UNROLL
1100
    /* round 1: */
1101
    t0 = Td0[s0 >> 24] ^ Td1[(s3 >> 16) & 0xff] ^ Td2[(s2 >>  8) & 0xff] ^ Td3[s1 & 0xff] ^ rk[ 4];
1102
    t1 = Td0[s1 >> 24] ^ Td1[(s0 >> 16) & 0xff] ^ Td2[(s3 >>  8) & 0xff] ^ Td3[s2 & 0xff] ^ rk[ 5];
1103
    t2 = Td0[s2 >> 24] ^ Td1[(s1 >> 16) & 0xff] ^ Td2[(s0 >>  8) & 0xff] ^ Td3[s3 & 0xff] ^ rk[ 6];
1104
    t3 = Td0[s3 >> 24] ^ Td1[(s2 >> 16) & 0xff] ^ Td2[(s1 >>  8) & 0xff] ^ Td3[s0 & 0xff] ^ rk[ 7];
1105
    /* round 2: */
1106
    s0 = Td0[t0 >> 24] ^ Td1[(t3 >> 16) & 0xff] ^ Td2[(t2 >>  8) & 0xff] ^ Td3[t1 & 0xff] ^ rk[ 8];
1107
    s1 = Td0[t1 >> 24] ^ Td1[(t0 >> 16) & 0xff] ^ Td2[(t3 >>  8) & 0xff] ^ Td3[t2 & 0xff] ^ rk[ 9];
1108
    s2 = Td0[t2 >> 24] ^ Td1[(t1 >> 16) & 0xff] ^ Td2[(t0 >>  8) & 0xff] ^ Td3[t3 & 0xff] ^ rk[10];
1109
    s3 = Td0[t3 >> 24] ^ Td1[(t2 >> 16) & 0xff] ^ Td2[(t1 >>  8) & 0xff] ^ Td3[t0 & 0xff] ^ rk[11];
1110
    /* round 3: */
1111
    t0 = Td0[s0 >> 24] ^ Td1[(s3 >> 16) & 0xff] ^ Td2[(s2 >>  8) & 0xff] ^ Td3[s1 & 0xff] ^ rk[12];
1112
    t1 = Td0[s1 >> 24] ^ Td1[(s0 >> 16) & 0xff] ^ Td2[(s3 >>  8) & 0xff] ^ Td3[s2 & 0xff] ^ rk[13];
1113
    t2 = Td0[s2 >> 24] ^ Td1[(s1 >> 16) & 0xff] ^ Td2[(s0 >>  8) & 0xff] ^ Td3[s3 & 0xff] ^ rk[14];
1114
    t3 = Td0[s3 >> 24] ^ Td1[(s2 >> 16) & 0xff] ^ Td2[(s1 >>  8) & 0xff] ^ Td3[s0 & 0xff] ^ rk[15];
1115
    /* round 4: */
1116
    s0 = Td0[t0 >> 24] ^ Td1[(t3 >> 16) & 0xff] ^ Td2[(t2 >>  8) & 0xff] ^ Td3[t1 & 0xff] ^ rk[16];
1117
    s1 = Td0[t1 >> 24] ^ Td1[(t0 >> 16) & 0xff] ^ Td2[(t3 >>  8) & 0xff] ^ Td3[t2 & 0xff] ^ rk[17];
1118
    s2 = Td0[t2 >> 24] ^ Td1[(t1 >> 16) & 0xff] ^ Td2[(t0 >>  8) & 0xff] ^ Td3[t3 & 0xff] ^ rk[18];
1119
    s3 = Td0[t3 >> 24] ^ Td1[(t2 >> 16) & 0xff] ^ Td2[(t1 >>  8) & 0xff] ^ Td3[t0 & 0xff] ^ rk[19];
1120
    /* round 5: */
1121
    t0 = Td0[s0 >> 24] ^ Td1[(s3 >> 16) & 0xff] ^ Td2[(s2 >>  8) & 0xff] ^ Td3[s1 & 0xff] ^ rk[20];
1122
    t1 = Td0[s1 >> 24] ^ Td1[(s0 >> 16) & 0xff] ^ Td2[(s3 >>  8) & 0xff] ^ Td3[s2 & 0xff] ^ rk[21];
1123
    t2 = Td0[s2 >> 24] ^ Td1[(s1 >> 16) & 0xff] ^ Td2[(s0 >>  8) & 0xff] ^ Td3[s3 & 0xff] ^ rk[22];
1124
    t3 = Td0[s3 >> 24] ^ Td1[(s2 >> 16) & 0xff] ^ Td2[(s1 >>  8) & 0xff] ^ Td3[s0 & 0xff] ^ rk[23];
1125
    /* round 6: */
1126
    s0 = Td0[t0 >> 24] ^ Td1[(t3 >> 16) & 0xff] ^ Td2[(t2 >>  8) & 0xff] ^ Td3[t1 & 0xff] ^ rk[24];
1127
    s1 = Td0[t1 >> 24] ^ Td1[(t0 >> 16) & 0xff] ^ Td2[(t3 >>  8) & 0xff] ^ Td3[t2 & 0xff] ^ rk[25];
1128
    s2 = Td0[t2 >> 24] ^ Td1[(t1 >> 16) & 0xff] ^ Td2[(t0 >>  8) & 0xff] ^ Td3[t3 & 0xff] ^ rk[26];
1129
    s3 = Td0[t3 >> 24] ^ Td1[(t2 >> 16) & 0xff] ^ Td2[(t1 >>  8) & 0xff] ^ Td3[t0 & 0xff] ^ rk[27];
1130
    /* round 7: */
1131
    t0 = Td0[s0 >> 24] ^ Td1[(s3 >> 16) & 0xff] ^ Td2[(s2 >>  8) & 0xff] ^ Td3[s1 & 0xff] ^ rk[28];
1132
    t1 = Td0[s1 >> 24] ^ Td1[(s0 >> 16) & 0xff] ^ Td2[(s3 >>  8) & 0xff] ^ Td3[s2 & 0xff] ^ rk[29];
1133
    t2 = Td0[s2 >> 24] ^ Td1[(s1 >> 16) & 0xff] ^ Td2[(s0 >>  8) & 0xff] ^ Td3[s3 & 0xff] ^ rk[30];
1134
    t3 = Td0[s3 >> 24] ^ Td1[(s2 >> 16) & 0xff] ^ Td2[(s1 >>  8) & 0xff] ^ Td3[s0 & 0xff] ^ rk[31];
1135
    /* round 8: */
1136
    s0 = Td0[t0 >> 24] ^ Td1[(t3 >> 16) & 0xff] ^ Td2[(t2 >>  8) & 0xff] ^ Td3[t1 & 0xff] ^ rk[32];
1137
    s1 = Td0[t1 >> 24] ^ Td1[(t0 >> 16) & 0xff] ^ Td2[(t3 >>  8) & 0xff] ^ Td3[t2 & 0xff] ^ rk[33];
1138
    s2 = Td0[t2 >> 24] ^ Td1[(t1 >> 16) & 0xff] ^ Td2[(t0 >>  8) & 0xff] ^ Td3[t3 & 0xff] ^ rk[34];
1139
    s3 = Td0[t3 >> 24] ^ Td1[(t2 >> 16) & 0xff] ^ Td2[(t1 >>  8) & 0xff] ^ Td3[t0 & 0xff] ^ rk[35];
1140
    /* round 9: */
1141
    t0 = Td0[s0 >> 24] ^ Td1[(s3 >> 16) & 0xff] ^ Td2[(s2 >>  8) & 0xff] ^ Td3[s1 & 0xff] ^ rk[36];
1142
    t1 = Td0[s1 >> 24] ^ Td1[(s0 >> 16) & 0xff] ^ Td2[(s3 >>  8) & 0xff] ^ Td3[s2 & 0xff] ^ rk[37];
1143
    t2 = Td0[s2 >> 24] ^ Td1[(s1 >> 16) & 0xff] ^ Td2[(s0 >>  8) & 0xff] ^ Td3[s3 & 0xff] ^ rk[38];
1144
    t3 = Td0[s3 >> 24] ^ Td1[(s2 >> 16) & 0xff] ^ Td2[(s1 >>  8) & 0xff] ^ Td3[s0 & 0xff] ^ rk[39];
1145
    if (key->rounds > 10) {
1146
        /* round 10: */
1147
        s0 = Td0[t0 >> 24] ^ Td1[(t3 >> 16) & 0xff] ^ Td2[(t2 >>  8) & 0xff] ^ Td3[t1 & 0xff] ^ rk[40];
1148
        s1 = Td0[t1 >> 24] ^ Td1[(t0 >> 16) & 0xff] ^ Td2[(t3 >>  8) & 0xff] ^ Td3[t2 & 0xff] ^ rk[41];
1149
        s2 = Td0[t2 >> 24] ^ Td1[(t1 >> 16) & 0xff] ^ Td2[(t0 >>  8) & 0xff] ^ Td3[t3 & 0xff] ^ rk[42];
1150
        s3 = Td0[t3 >> 24] ^ Td1[(t2 >> 16) & 0xff] ^ Td2[(t1 >>  8) & 0xff] ^ Td3[t0 & 0xff] ^ rk[43];
1151
        /* round 11: */
1152
        t0 = Td0[s0 >> 24] ^ Td1[(s3 >> 16) & 0xff] ^ Td2[(s2 >>  8) & 0xff] ^ Td3[s1 & 0xff] ^ rk[44];
1153
        t1 = Td0[s1 >> 24] ^ Td1[(s0 >> 16) & 0xff] ^ Td2[(s3 >>  8) & 0xff] ^ Td3[s2 & 0xff] ^ rk[45];
1154
        t2 = Td0[s2 >> 24] ^ Td1[(s1 >> 16) & 0xff] ^ Td2[(s0 >>  8) & 0xff] ^ Td3[s3 & 0xff] ^ rk[46];
1155
        t3 = Td0[s3 >> 24] ^ Td1[(s2 >> 16) & 0xff] ^ Td2[(s1 >>  8) & 0xff] ^ Td3[s0 & 0xff] ^ rk[47];
1156
        if (key->rounds > 12) {
1157
            /* round 12: */
1158
            s0 = Td0[t0 >> 24] ^ Td1[(t3 >> 16) & 0xff] ^ Td2[(t2 >>  8) & 0xff] ^ Td3[t1 & 0xff] ^ rk[48];
1159
            s1 = Td0[t1 >> 24] ^ Td1[(t0 >> 16) & 0xff] ^ Td2[(t3 >>  8) & 0xff] ^ Td3[t2 & 0xff] ^ rk[49];
1160
            s2 = Td0[t2 >> 24] ^ Td1[(t1 >> 16) & 0xff] ^ Td2[(t0 >>  8) & 0xff] ^ Td3[t3 & 0xff] ^ rk[50];
1161
            s3 = Td0[t3 >> 24] ^ Td1[(t2 >> 16) & 0xff] ^ Td2[(t1 >>  8) & 0xff] ^ Td3[t0 & 0xff] ^ rk[51];
1162
            /* round 13: */
1163
            t0 = Td0[s0 >> 24] ^ Td1[(s3 >> 16) & 0xff] ^ Td2[(s2 >>  8) & 0xff] ^ Td3[s1 & 0xff] ^ rk[52];
1164
            t1 = Td0[s1 >> 24] ^ Td1[(s0 >> 16) & 0xff] ^ Td2[(s3 >>  8) & 0xff] ^ Td3[s2 & 0xff] ^ rk[53];
1165
            t2 = Td0[s2 >> 24] ^ Td1[(s1 >> 16) & 0xff] ^ Td2[(s0 >>  8) & 0xff] ^ Td3[s3 & 0xff] ^ rk[54];
1166
            t3 = Td0[s3 >> 24] ^ Td1[(s2 >> 16) & 0xff] ^ Td2[(s1 >>  8) & 0xff] ^ Td3[s0 & 0xff] ^ rk[55];
1167
        }
1168
    }
1169
        rk += key->rounds << 2;
1170
#else  /* !FULL_UNROLL */
1171
    /*
1172
     * Nr - 1 full rounds:
1173
     */
1174
    r = key->rounds >> 1;
1175
    for (;;) {
1176
        t0 =
1177
            Td0[(s0 >> 24)       ] ^
1178
            Td1[(s3 >> 16) & 0xff] ^
1179
            Td2[(s2 >>  8) & 0xff] ^
1180
            Td3[(s1      ) & 0xff] ^
1181
            rk[4];
1182
        t1 =
1183
            Td0[(s1 >> 24)       ] ^
1184
            Td1[(s0 >> 16) & 0xff] ^
1185
            Td2[(s3 >>  8) & 0xff] ^
1186
            Td3[(s2      ) & 0xff] ^
1187
            rk[5];
1188
        t2 =
1189
            Td0[(s2 >> 24)       ] ^
1190
            Td1[(s1 >> 16) & 0xff] ^
1191
            Td2[(s0 >>  8) & 0xff] ^
1192
            Td3[(s3      ) & 0xff] ^
1193
            rk[6];
1194
        t3 =
1195
            Td0[(s3 >> 24)       ] ^
1196
            Td1[(s2 >> 16) & 0xff] ^
1197
            Td2[(s1 >>  8) & 0xff] ^
1198
            Td3[(s0      ) & 0xff] ^
1199
            rk[7];
1200

    
1201
        rk += 8;
1202
        if (--r == 0) {
1203
            break;
1204
        }
1205

    
1206
        s0 =
1207
            Td0[(t0 >> 24)       ] ^
1208
            Td1[(t3 >> 16) & 0xff] ^
1209
            Td2[(t2 >>  8) & 0xff] ^
1210
            Td3[(t1      ) & 0xff] ^
1211
            rk[0];
1212
        s1 =
1213
            Td0[(t1 >> 24)       ] ^
1214
            Td1[(t0 >> 16) & 0xff] ^
1215
            Td2[(t3 >>  8) & 0xff] ^
1216
            Td3[(t2      ) & 0xff] ^
1217
            rk[1];
1218
        s2 =
1219
            Td0[(t2 >> 24)       ] ^
1220
            Td1[(t1 >> 16) & 0xff] ^
1221
            Td2[(t0 >>  8) & 0xff] ^
1222
            Td3[(t3      ) & 0xff] ^
1223
            rk[2];
1224
        s3 =
1225
            Td0[(t3 >> 24)       ] ^
1226
            Td1[(t2 >> 16) & 0xff] ^
1227
            Td2[(t1 >>  8) & 0xff] ^
1228
            Td3[(t0      ) & 0xff] ^
1229
            rk[3];
1230
    }
1231
#endif /* ?FULL_UNROLL */
1232
    /*
1233
         * apply last round and
1234
         * map cipher state to byte array block:
1235
         */
1236
           s0 =
1237
                   (Td4[(t0 >> 24)       ] & 0xff000000) ^
1238
                   (Td4[(t3 >> 16) & 0xff] & 0x00ff0000) ^
1239
                   (Td4[(t2 >>  8) & 0xff] & 0x0000ff00) ^
1240
                   (Td4[(t1      ) & 0xff] & 0x000000ff) ^
1241
                   rk[0];
1242
        PUTU32(out     , s0);
1243
           s1 =
1244
                   (Td4[(t1 >> 24)       ] & 0xff000000) ^
1245
                   (Td4[(t0 >> 16) & 0xff] & 0x00ff0000) ^
1246
                   (Td4[(t3 >>  8) & 0xff] & 0x0000ff00) ^
1247
                   (Td4[(t2      ) & 0xff] & 0x000000ff) ^
1248
                   rk[1];
1249
        PUTU32(out +  4, s1);
1250
           s2 =
1251
                   (Td4[(t2 >> 24)       ] & 0xff000000) ^
1252
                   (Td4[(t1 >> 16) & 0xff] & 0x00ff0000) ^
1253
                   (Td4[(t0 >>  8) & 0xff] & 0x0000ff00) ^
1254
                   (Td4[(t3      ) & 0xff] & 0x000000ff) ^
1255
                   rk[2];
1256
        PUTU32(out +  8, s2);
1257
           s3 =
1258
                   (Td4[(t3 >> 24)       ] & 0xff000000) ^
1259
                   (Td4[(t2 >> 16) & 0xff] & 0x00ff0000) ^
1260
                   (Td4[(t1 >>  8) & 0xff] & 0x0000ff00) ^
1261
                   (Td4[(t0      ) & 0xff] & 0x000000ff) ^
1262
                   rk[3];
1263
        PUTU32(out + 12, s3);
1264
}
1265

    
1266
#endif /* AES_ASM */
1267

    
1268
void AES_cbc_encrypt(const unsigned char *in, unsigned char *out,
1269
                     const unsigned long length, const AES_KEY *key,
1270
                     unsigned char *ivec, const int enc)
1271
{
1272

    
1273
        unsigned long n;
1274
        unsigned long len = length;
1275
        unsigned char tmp[AES_BLOCK_SIZE];
1276

    
1277
        assert(in && out && key && ivec);
1278

    
1279
        if (enc) {
1280
                while (len >= AES_BLOCK_SIZE) {
1281
                        for(n=0; n < AES_BLOCK_SIZE; ++n)
1282
                                tmp[n] = in[n] ^ ivec[n];
1283
                        AES_encrypt(tmp, out, key);
1284
                        memcpy(ivec, out, AES_BLOCK_SIZE);
1285
                        len -= AES_BLOCK_SIZE;
1286
                        in += AES_BLOCK_SIZE;
1287
                        out += AES_BLOCK_SIZE;
1288
                }
1289
                if (len) {
1290
                        for(n=0; n < len; ++n)
1291
                                tmp[n] = in[n] ^ ivec[n];
1292
                        for(n=len; n < AES_BLOCK_SIZE; ++n)
1293
                                tmp[n] = ivec[n];
1294
                        AES_encrypt(tmp, tmp, key);
1295
                        memcpy(out, tmp, AES_BLOCK_SIZE);
1296
                        memcpy(ivec, tmp, AES_BLOCK_SIZE);
1297
                }                
1298
        } else {
1299
                while (len >= AES_BLOCK_SIZE) {
1300
                        memcpy(tmp, in, AES_BLOCK_SIZE);
1301
                        AES_decrypt(in, out, key);
1302
                        for(n=0; n < AES_BLOCK_SIZE; ++n)
1303
                                out[n] ^= ivec[n];
1304
                        memcpy(ivec, tmp, AES_BLOCK_SIZE);
1305
                        len -= AES_BLOCK_SIZE;
1306
                        in += AES_BLOCK_SIZE;
1307
                        out += AES_BLOCK_SIZE;
1308
                }
1309
                if (len) {
1310
                        memcpy(tmp, in, AES_BLOCK_SIZE);
1311
                        AES_decrypt(tmp, tmp, key);
1312
                        for(n=0; n < len; ++n)
1313
                                out[n] = tmp[n] ^ ivec[n];
1314
                        memcpy(ivec, tmp, AES_BLOCK_SIZE);
1315
                }                
1316
        }
1317
}